<FILENAME filename="index.html"><html><head><title>The Kleopatra Handbook</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="description" content="Kleopatra is a tool for managing X.509 and OpenPGP certificates."><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="next" href="introduction.html" title="Chapter 1. Introduction"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> The <span class="application">Kleopatra</span> Handbook</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr></table></div><div id="contentBody"><div lang="en" class="book"><div class="titlepage"><div><div><h1 class="title"><a name="kleopatra"></a>The <span class="application">Kleopatra</span> Handbook</h1></div><div><div class="authorgroup"><p class="author"><span class="firstname">Marc</span> <span class="surname">Mutz</span> <code class="email"><marc@kdab.net></code></p><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">David</span> <span class="surname">Faure</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Steffen</span> <span class="surname">Hansen</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Matthias Kalle</span> <span class="surname">Dalheimer</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Jesper</span> <span class="surname">Pedersen</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Daniel</span> <span class="surname">Molkentin</span><br></span></div></div><div>Revision <span class="releaseinfo">2.1.1 (<span class="orgname">KDE<br></span> 4.11) (<span class="date">2013-07-04</span>)</span></div><div><p>This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.</p><p>This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty
of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.</p><p>You should have received a copy of the GNU General Public
License along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.</p></div><div><div><div class="abstract"><p>
<span class="application">Kleopatra</span> is a tool for managing <a class="ulink" href="https://en.wikipedia.org/wiki/X.509" target="_top"><acronym class="acronym">X.509</acronym></a> and <a class="ulink" href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP" target="_top"><acronym class="acronym">OpenPGP</acronym></a> certificates.
</p></div></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="chapter"><a href="introduction.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="functions.html">2. Main Functions</a></span></dt><dd><dl><dt><span class="sect1"><a href="functions.html#functions-view">Viewing the Local Keybox</a></span></dt><dt><span class="sect1"><a href="functions-search.html">Searching and Importing Certificates</a></span></dt><dt><span class="sect1"><a href="functions-newkey.html">Creating New Key Pairs</a></span></dt><dd><dl><dt><span class="sect2"><a href="functions-newkey.html#key-revoke">Revoking a key</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="menu.html">3. Menu Reference</a></span></dt><dd><dl><dt><span class="sect1"><a href="menu.html#menufile">File Menu</a></span></dt><dt><span class="sect1"><a href="menuview.html">View Menu</a></span></dt><dt><span class="sect1"><a href="menucertificates.html">Certificates Menu</a></span></dt><dt><span class="sect1"><a href="menutools.html">Tools Menu</a></span></dt><dt><span class="sect1"><a href="menusettings.html">Settings Menu</a></span></dt><dt><span class="sect1"><a href="menuwindow.html">Window Menu</a></span></dt><dt><span class="sect1"><a href="menuhelp.html">Help Menu</a></span></dt></dl></dd><dt><span class="chapter"><a href="commandline-options.html">4. Command Line Options Reference</a></span></dt><dt><span class="chapter"><a href="configuration.html">5. Configuring <span class="application">Kleopatra</span></a></span></dt><dd><dl><dt><span class="sect1"><a href="configuration.html#configuration-directory-services">Configuring Directory Services</a></span></dt><dt><span class="sect1"><a href="configuration-appearance.html">Configuring Appearance</a></span></dt><dd><dl><dt><span class="sect2"><a href="configuration-appearance.html#configuration-appearance-tooltips">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Tooltips</span></span></a></span></dt><dt><span class="sect2"><a href="configuration-appearance.html#configuration-appearance-certificate-filters">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Certificate Categories</span></span></a></span></dt><dt><span class="sect2"><a href="configuration-appearance.html#configuration-dn-order">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">DN-Attribute Order</span></span></a></span></dt></dl></dd><dt><span class="sect1"><a href="configuration-crypto-operations.html">Configuring Crypto Operations</a></span></dt><dd><dl><dt><span class="sect2"><a href="configuration-crypto-operations.html#configuration-crypto-operations-email">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">EMail Operations</span></span></a></span></dt><dt><span class="sect2"><a href="configuration-crypto-operations.html#configuration-crypto-operations-file">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">File Operations</span></span></a></span></dt></dl></dd><dt><span class="sect1"><a href="configuration-smime-validation.html">Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</a></span></dt><dd><dl><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-interval-checking">Configuring interval certificate checking</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-method">Configuring validation method</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-options">Configuring validation options</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-http-options">Configuring <acronym class="acronym">HTTP</acronym> request options</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-ldap-options">Configuring <acronym class="acronym">LDAP</acronym> request options</a></span></dt></dl></dd><dt><span class="sect1"><a href="configuration-gnupg-system.html">Configuring the <span class="application">GnuPG</span> System</a></span></dt></dl></dd><dt><span class="chapter"><a href="admin.html">6. Administrator's Guide</a></span></dt><dd><dl><dt><span class="sect1"><a href="admin.html#admin-certificate-request-wizard">Customization of the Certificate-Creation Wizard</a></span></dt><dd><dl><dt><span class="sect2"><a href="admin.html#admin-certificate-request-wizard-dn">Customizing the <acronym class="acronym">DN</acronym> fields</a></span></dt><dt><span class="sect2"><a href="admin.html#admin-certificate-request-wizard-keys">Restricting the Types of Keys a User is Allowed to Create</a></span></dt></dl></dd><dt><span class="sect1"><a href="admin-key-filters.html">Creating and Editing Key Categories</a></span></dt><dt><span class="sect1"><a href="admin-archive-definitions.html">Configuring Archivers for Use with Sign/Encrypt Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="admin-archive-definitions.html#admin-archive-definitions-filename-passing">Input Filename Passing for <code class="literal">pack-command</code></a></span></dt></dl></dd><dt><span class="sect1"><a href="admin-checksum-definitions.html">Configuring Checksum Programs for Use with Create/Verify Checksums</a></span></dt></dl></dd><dt><span class="chapter"><a href="credits-and-license.html">7. Credits and License</a></span></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>5.1. <a href="configuration-gnupg-system.html#table-gpgconf-types">Mapping From <span class="application">GpgConf</span> Types To <acronym class="acronym">GUI</acronym> Controls</a></dt><dt>6.1. <a href="admin-key-filters.html#table-key-filters-appearance">Key-Filter Configuration Keys Defining Display
Properties</a></dt><dt>6.2. <a href="admin-key-filters.html#table-key-filters-criteria">Key-Filter Configuration Keys Defining Filter Criteria</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>6.1. <a href="admin-key-filters.html#idm1898">Examples of key filters</a></dt></dl></div><FILENAME filename="introduction.html"><html><head><title>Chapter 1. Introduction</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="index.html" title="The Kleopatra Handbook"><link rel="next" href="functions.html" title="Chapter 2. Main Functions"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Introduction</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="functions.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>Chapter 1. Introduction</h1></div></div></div><p><span class="application">Kleopatra</span> is the <span class="orgname">KDE</span> tool for managing <a class="ulink" href="https://en.wikipedia.org/wiki/X.509" target="_top"><acronym class="acronym">X.509</acronym></a> and <a class="ulink" href="httpis://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP" target="_top"><acronym class="acronym">OpenPGP</acronym></a> certificates in
the <a class="ulink" href="https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPGSM.html" target="_top"><span class="application">GpgSM</span></a> and <a class="ulink" href="https://en.wikipedia.org/wiki/GNU_Privacy_Guard" target="_top"><span class="application">GPG</span></a> keyboxes and for retrieving certificates from
<acronym class="acronym">LDAP</acronym> and other certificate servers.</p><p><span class="application">Kleopatra</span> can be started from <span class="application">KMail</span>'s <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certificate Manager</span></span>
menu, as well as from the command line. The <span class="application">Kleopatra</span> executable is
named <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kleopatra</strong></span></span></code></strong>.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This program is named after Cleopatra, a famous female
Egyptian pharaoh that lived at the time of Julius Caesar, with whom
she had a child, Caesarion, unacknowledged as his heir.</p><p>The name was chosen since this program originates from the
<a class="ulink" href="https://www.gnupg.org/aegypten2/" target="_top">Ägypten
Projects</a> (Ägypten is German for Egypt). <span class="application">Kleopatra</span> is the
German spelling of Cleopatra.</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="functions.html">Next</a></td></tr><tr><td class="prevCell">The <span class="application">Kleopatra</span> Handbook </td><td class="upCell"> </td><td class="nextCell"> Main Functions</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="functions.html"><html><head><title>Chapter 2. Main Functions</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="introduction.html" title="Chapter 1. Introduction"><link rel="next" href="functions-search.html" title="Searching and Importing Certificates"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Main Functions</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="functions-search.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="functions"></a>Chapter 2. Main Functions</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="functions-view"></a>Viewing the Local Keybox</h2></div></div></div><p><span class="application">Kleopatra</span>'s main function is to display and edit the contents
of the local keybox, which is similar to <span class="application">GPG</span>'s concept of keyrings,
albeit one should not stretch this analogy too much.</p><p>The main window is divided into the large key listing area consisting of several tabs, the
menubar and the <a class="link" href="functions-search.html" title="Searching and Importing Certificates">search bar</a> on
top, and a status bar at the bottom.</p><p>Each line in the key list corresponds to one certificate,
identified by the so-called <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Subject <acronym class="acronym">DN</acronym></span></span>. <acronym class="acronym">DN</acronym> is
an acronym for <span class="quote">“<span class="quote">Distinguished Name</span>”</span>, a hierarchical
identifier, much like a file system path with an unusual syntax, that is
supposed to globally uniquely identify a given certificate.</p><p>To be valid, and thus usable, (public) keys need to be signed by
a <acronym class="acronym">CA</acronym> (Certification Authority). These signatures are called
certificates, but usually the terms <span class="quote">“<span class="quote">certificate</span>”</span> and
<span class="quote">“<span class="quote">(public) key</span>”</span> are used interchangeably, and we will not
distinguish between them in this manual either, except when explicitly
noted.</p><p><acronym class="acronym">CA</acronym>s must in turn be signed by other <acronym class="acronym">CA</acronym>s to be valid. Of
course, this must end somewhere, so the top-level <acronym class="acronym">CA</acronym> (root-<acronym class="acronym">CA</acronym>)
signs its key with itself (this is called a self-signature). Root
certificates thus need to be assigned validity (commonly called trust)
manually, <abbr class="abbrev">e.g.</abbr> after comparing the fingerprint with the one on the
website of the <acronym class="acronym">CA</acronym>. This is typically done by the system administrator or
the vendor of a product using certificates, but can be done by the
user via <span class="application">GpgSM</span>'s command line interface.</p><p>To see which of the certificates are root certificates, you
switch to the hierarchical keylist mode with <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a>.</p><p>You can see the details of any certificate by double-clicking it
or using <a class="xref" href="menuview.html#view-certificate-details"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certificate Details</span></span></a>. This opens a
dialog that shows the most common properties of the certificate, its
certificate chain (<abbr class="abbrev">i.e.</abbr> the chain of issuers up to the root-<acronym class="acronym">CA</acronym>), and
a dump of all information the backend is able to extract from the
certificate.</p><p>If you change the keybox without using <span class="application">Kleopatra</span> (<abbr class="abbrev">e.g.</abbr> using
<span class="application">GpgSM</span>'s command line interface), you can refresh the view with <a class="xref" href="menuview.html#view-redisplay">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Redisplay</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>F5</strong></span></strong></span>)
</a>.</p></div><FILENAME filename="functions-search.html"><html><head><title>Searching and Importing Certificates</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="functions.html" title="Chapter 2. Main Functions"><link rel="prev" href="functions.html" title="Chapter 2. Main Functions"><link rel="next" href="functions-newkey.html" title="Creating New Key Pairs"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Searching and Importing Certificates</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions.html">Prev</a></td><td class="upCell">Main Functions</td><td class="nextCell"><a accesskey="n" href="functions-newkey.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="functions-search"></a>Searching and Importing Certificates</h2></div></div></div><p>Most of the time, you will acquire new certificates by verifying
signatures in emails, since certificates are embedded in the
signatures made using them most of the time. However, if you need to
send a mail to someone you have not yet had contact with, you need to
fetch the certificate from an <acronym class="acronym">LDAP</acronym> folder (although <a class="ulink" href="https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPGSM.html#Invoking-GPGSM" target="_top">
<span class="application">GpgSM</span></a> can do
this automatically), or from a file. You also need to import your own
certificate after receiving the <acronym class="acronym">CA</acronym> answer to your certification
request.</p><p>To search for a certificate in an <acronym class="acronym">LDAP</acronym> directory, select
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Lookup Certificates on Server</span></span>
and enter some text (<abbr class="abbrev">e.g.</abbr> the name of the person
you want the certificate for) into the line edit of the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Keyserver
Certificate Lookup</span></span> dialog, then click on the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Search</span></span> button. The results will be displayed in the
key list below the search bar, where you can select certificates to
look at them by clicking the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Details</span></span> button
or download them with <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Import</span></span> into the
local keybox.</p><p>You can configure the list of <acronym class="acronym">LDAP</acronym> servers to search in the
<a class="link" href="configuration.html#configuration-directory-services" title="Configuring Directory Services"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Directory
Services</span></span></a> page of <span class="application">Kleopatra</span>'s configure dialog.</p><p>If you received the certificate as a file, try <a class="xref" href="menu.html#file-import-certificates">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>)
</a>. <span class="application">GpgSM</span> needs to understand the
format of the certificate file; please refer to <span class="application">GpgSM</span>'s manual for a
list of supported file formats.</p><p>If you did not <a class="link" href="functions-newkey.html" title="Creating New Key Pairs">create your
keypair with <span class="application">GpgSM</span></a>, you also need to manually import the
public key (as well as the secret key) from the PKCS#12 file you got from
the <acronym class="acronym">CA</acronym>. You can do this on the command line with <a class="link" href="commandline-options.html#commandline-option-import-certificate"><strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kleopatra
<span class="option"><code class="option">--import-certificate</code></span>
<code class="filename">filename</code></strong></span></span></code></strong></a> or from
within <span class="application">Kleopatra</span> with <a class="xref" href="menu.html#file-import-certificates">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>)
</a>,
just as you would to for <span class="quote">“<span class="quote">normal</span>”</span> certificates.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="functions-newkey.html">Next</a></td></tr><tr><td class="prevCell">Main Functions </td><td class="upCell">Main Functions</td><td class="nextCell"> Creating New Key Pairs</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="functions-newkey.html"><html><head><title>Creating New Key Pairs</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="functions.html" title="Chapter 2. Main Functions"><link rel="prev" href="functions-search.html" title="Searching and Importing Certificates"><link rel="next" href="menu.html" title="Chapter 3. Menu Reference"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Creating New Key Pairs</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-search.html">Prev</a></td><td class="upCell">Main Functions</td><td class="nextCell"><a accesskey="n" href="menu.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="functions-newkey"></a>Creating New Key Pairs</h2></div></div></div><p>The menu item <a class="xref" href="menu.html#file-new-key-pair"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">New Certificate...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>N</strong></span></strong></span>)</a> starts the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key Pair Creation Wizard</span></span> which will guide you through a
number of steps to create a certificate request.</p><p>Whenever you are done with a step in
the wizard, press <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Next</span></span> to go to the next step
(or <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Back</span></span> to review steps that are already
completed). The certificate request creation can be canceled at any
time by pressing the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Cancel</span></span> button.
</p><p>On the first page of the wizard choose which type of certificate you want to create:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Create a personal OpenPGP key pair</span></span></span></dt><dd><p><acronym class="acronym">OpenPGP</acronym> key pairs are created locally, and certified by your friends and
acquaintances. There is no central certification authority; instead, every
individual creates a personal Web Of Trust by certifying other user's key
pairs with his own certificate.</p><p>You have to enter a <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Name</span></span>, <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">EMail</span></span> and
optional a <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Comment</span></span>.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Create a personal X.509 key pair and certification request</span></span></span></dt><dd><p><acronym class="acronym">X.509</acronym> key pairs are created locally, but certified centrally by a
certification authority (<acronym class="acronym">CA</acronym>). <acronym class="acronym">CA</acronym>s can certify other <acronym class="acronym">CA</acronym>s, creating a central,
hierarchical chain of trust.</p><p>The next step in the wizard is to type in your personal data
for the certificate. The fields to fill out are:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Common Name (CN):</span></span> Your name;</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Email address (EMAIL):</span></span> Your email address; be sure
to type this in correctly—this will be the address people will be
sending mail to when they use your certificate.</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Location (L):</span></span> The town or city in which you live;</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Organizational unit (OU):</span></span> The organizational unit you are
in (for example, "Logistics");</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Organization (O):</span></span> The organization you represent
(for example, the company you work for);</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Country code (C):</span></span> The two letter code for the
country in which you are living (for example, "US");</p></li></ul></div><p>
</p><p>
The next step in the wizard is to select whether to store the
certificate in a file or send it directly to a <acronym class="acronym">CA</acronym>. You will have to
specify the filename or email address to send the certificate request to.
</p></dd></dl></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="key-revoke"></a>Revoking a key</h3></div></div></div><p>A key pair that has expired can be brought back into an operational state
as long as you have access to the private key and the passphrase. To
reliably render a key unusable you need to revoke it. Revoking is done by
adding a special revocation signature to the key.</p><p>This revocation signature is stored in a separate file. This file can later be imported into
the keyring and is then attached to the key rendering it unusable. Please
note that to import this signature to the key no password is required.
Therefore you should store this revocation signature in a safe place,
usually one that is different from you key pair. It is a good advise to
use a place that is detached from your computer, either copy it to an
external storage device like an USB stick or print it out.</p><p><span class="application">Kleopatra</span> does not provide a function to create such a revocation signature at any time,
but you can do that with the <span class="orgname">KDE</span> application <span class="application">KGpg</span> by choosing <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Keys</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Revoke key</span></span> and optionally importing the revocation signature
to your keyring immediately.</p><p>An alternative way of generating a revocation certificate is to use <span class="application">GPG</span> directly from the command line: <strong class="userinput"><code>gpg --output <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>revocation_certificate</code></em></span>.asc --gen-revoke <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>your_key</code></em></span></code></strong>. The argument <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>your_key</code></em></span> must be a key specifier, either the key ID of your primary keypair or any part of a user ID that identifies your keypair.</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-search.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menu.html">Next</a></td></tr><tr><td class="prevCell">Searching and Importing Certificates </td><td class="upCell">Main Functions</td><td class="nextCell"> Menu Reference</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="functions-search.html">Next</a></td></tr><tr><td class="prevCell">Introduction </td><td class="upCell"> </td><td class="nextCell"> Searching and Importing Certificates</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menu.html"><html><head><title>Chapter 3. Menu Reference</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="functions-newkey.html" title="Creating New Key Pairs"><link rel="next" href="menuview.html" title="View Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Menu Reference</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-newkey.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="menuview.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="menu"></a>Chapter 3. Menu Reference</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menufile"></a>File Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="file-new-key-pair"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">New Certificate...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>N</strong></span></strong></span>)</span></dt><dd><p><span class="action">Creates a new key pair (public and private)</span> and
allows to send the public part to a certification authority
(<acronym class="acronym">CA</acronym>) for signing. The resulting certificate is then
sent back to you, or stored in an <acronym class="acronym">LDAP</acronym> server for you to download into
your local keybox, where you can use it to sign and decrypt
mails.</p><p>This mode of operation is called <span class="quote">“<span class="quote">decentralized key
generation</span>”</span>, since all keys are created locally. <span class="application">Kleopatra</span>
(and <span class="application">GpgSM</span>) do not support <span class="quote">“<span class="quote">centralized key generation</span>”</span>
directly, but you can import the public/secret key bundle that you
receive from the <acronym class="acronym">CA</acronym> in PKCS#12 format via <a class="xref" href="menu.html#file-import-certificates">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>)
</a>.</p></dd><dt><a name="file-lookup-certificates"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Lookup Certificates on Server...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Shift</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Searches for, and imports, certificates from
certificate servers into the local keybox.</span> See
<a class="xref" href="functions-search.html" title="Searching and Importing Certificates">the section called “Searching and Importing Certificates”</a> for details.
</p><p>
You need to have key servers configured for this to
work. See
<a class="xref" href="configuration.html#configuration-directory-services" title="Configuring Directory Services">the section called “Configuring Directory Services”</a> for
more details.
</p></dd><dt><a name="file-import-certificates"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Imports certificates and/or secret keys from
files into the local keybox.</span> See
<a class="xref" href="functions-search.html" title="Searching and Importing Certificates">the section called “Searching and Importing Certificates”</a> for details.
</p><p>
The format of the certificate file must be supported by
<span class="application">GpgSM</span>/<span class="application">GPG</span>. Please refer to the <span class="application">GpgSM</span> and <span class="application">GPG</span>
manuals for a list of supported formats.
</p></dd><dt><a name="file-export-certificates"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>E</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Exports the selected certificates to a
file.</span>
</p><p>
The filename extension you choose for the export file
name determines the format of the export file:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
For <acronym class="acronym">OpenPGP</acronym> certificates,
<code class="filename">gpg</code> and
<code class="filename">pgp</code> will result
in a binary file, whereas
<code class="filename">asc</code> will result
in an <acronym class="acronym">ASCII</acronym>-armored file.
</p></li><li class="listitem"><p>
For <acronym class="acronym">S/MIME</acronym> certificates,
<code class="filename">der</code> will result
in a binary, <acronym class="acronym">DER</acronym>-encoded file, whereas
<code class="filename">pem</code> will result
in an <acronym class="acronym">ASCII</acronym>-armored file.
</p></li></ul></div><p>
Unless multiple certificates are selected, <span class="application">Kleopatra</span>
will propose
<code class="filename"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>fingerprint</code></em></span>.{asc,pem}</code>
as the export file name.
</p><p>
This function is only available when one or more
certificates have been selected.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
This function exports only the public keys, even if
the secret key is available. Use
<a class="xref" href="menu.html#file-export-secret-key">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Secret Keys...</span></span>
</a> to export
the secret keys into a file.
</p></div></dd><dt><a name="file-export-secret-key"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Secret Keys...</span></span>
</span></dt><dd><p>
<span class="action">Exports the secret key to a file.</span>
</p><p>
In the dialog that opens, you can choose whether to
create a binary or an <acronym class="acronym">ASCII</acronym>-armored export file
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">ASCII armor</span></span>).
Next click on the folder icon at the right hand side of the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Output file</span></span> text box and select folder
and name of the export file. When exporting
<acronym class="acronym">S/MIME</acronym> secret keys, you can also choose the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Passphrase charset</span></span>. See the
discussion of the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--p12-charset <span class="replaceable"><em class="replaceable"><code>charset</code></em></span></code></span>
option in the <span class="application">GpgSM</span> manual for more details.
</p><p>
This function is only available when exactly one
certificate has been selected, and the secret key for
that certificate is available.
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
It should rarely be necessary to use this function,
and if it is, it should be carefully planned. Planning
the migration of a secret key involves choice of
transport media and secure deletion of the key data on
the old machine, as well as on the transport medium,
among other things.
</p></div></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Certificates to Server...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Shift</strong></span>+<span class="keycap"><strong>E</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Publish the selected certificates on a
keyserver</span> (<acronym class="acronym">OpenPGP</acronym> only).
</p><p>
The certificate is sent to the certificate server
configured for <acronym class="acronym">OpenPGP</acronym>
(cf. <a class="xref" href="configuration.html#configuration-directory-services" title="Configuring Directory Services">the section called “Configuring Directory Services”</a>),
if that is set, otherwise to
<code class="systemitem">keys.gnupg.net</code>.
</p><p>
This function is only available if at least one
<acronym class="acronym">OpenPGP</acronym> (and no <acronym class="acronym">S/MIME</acronym>) certificates have been
selected.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
When <acronym class="acronym">OpenPGP</acronym> certificates have been exported to a
public directory server, it is nearly impossible to
remove them again. Before exporting your certificate
to a public directory server, make sure that you have
created a revocation certificate so you can revoke the
certificate if needed later.
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Most public <acronym class="acronym">OpenPGP</acronym> certificate servers synchronize
certificates amongst each other, so there is little
point in sending to more than one.
</p><p>
It can happen that a search on a certificate server
turns up no results even though you just have sent
your certificate there. This is because most public
keyserver addresses use <acronym class="acronym">DNS</acronym>
round-robin to balance the load over multiple
machines. These machines synchronize with each other,
but usually only every 24 hours or so.
</p></div></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Decrypt/Verify Files...</span></span>
</span></dt><dd><p>
<span class="action">Decrypts files and/or verifies
signatures</span> over files.
</p></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Sign/Encrypt Files...</span></span>
</span></dt><dd><p>
<span class="action">Signs and/or encrypts files.</span>
</p></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Close</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>W</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Closes <span class="application">Kleopatra</span>'s main window.</span> You
can restore it from the system tray icon at any time.
</p></dd><dt><a name="file-quit"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Quit</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Q</strong></span></strong></span>)</span></dt><dd><p><span class="action">Terminates <span class="application">Kleopatra</span>.</span></p></dd></dl></div></div><FILENAME filename="menuview.html"><html><head><title>View Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menu.html" title="Chapter 3. Menu Reference"><link rel="next" href="menucertificates.html" title="Certificates Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> View Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menu.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menucertificates.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menuview"></a>View Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="view-redisplay"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Redisplay</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>F5</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Refreshes the certificate list.</span>
</p><p>
Using this function is usually not necessary, as
<span class="application">Kleopatra</span> monitors the file system for changes and
automatically refreshes the certificate list when
needed.
</p></dd><dt><a name="view-stop-operation"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Stop Operation</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Esc</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Stops (cancels) all pending operations,</span>
<abbr class="abbrev">e.g.</abbr> a search, keylisting, or a download.
</p><p>
This function is only available if at least one
operation is active.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Due to backend limitations, sometimes operations will
hang in such a way that this function won't be able to
cancel them, right away, or at all.
</p><p>
In such cases, the only way to restore order is to
kill <span class="application">SCDaemon</span>, <span class="application">DirMngr</span>, <span class="application">GpgSM</span> and <span class="application">GPG</span>
processes, in that order, via the operating system
tools (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>top</strong></span></span>, Task-Manager,
<abbr class="abbrev">etc.</abbr>), until the operation get unblocked.
</p></div></dd><dt><a name="view-certificate-details"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certificate Details</span></span></span></dt><dd><p><span class="action">Shows the details of the currently selected
certificate.</span></p><p>This function is only available if exactly one certificate is
selected.</p><p>This function is also available by double-clicking the
corresponding item in the list view directly.</p></dd><dt><a name="view-hierarchical-key-list"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></span></dt><dd><p><span class="action"> Toggles between hierarchical and flat certificate list mode.
</span></p><p>In hierarchical mode, certificates are arranged in
issuer/subject relation, so it is easy to see which certification
hierarchy a given certificate belongs to, but a given certificate is
harder to find initially (though you can of course use the
<a class="link" href="functions-search.html" title="Searching and Importing Certificates">search bar</a>).</p><p>In flat mode, all certificates are displayed in a flat list,
sorted alphabetically. In this mode, a given certificate is easy to
find, but it is not directly clear which root certificate it belongs
to.</p><p>
This function toggles hierarchical mode per tab, <abbr class="abbrev">i.e.</abbr>
each tab has its own hierarchy state. This is so that
you can have both a flat and a hierarchical listing at
hand, each in its own tab.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Hierarchical display is currently only implemented for
<acronym class="acronym">S/MIME</acronym> certificates. There is disagreement amongst
the developers regarding the correct way to display
<acronym class="acronym">OpenPGP</acronym> certificates hierarchically (basically,
<span class="quote">“<span class="quote">parent = signer</span>”</span> or <span class="quote">“<span class="quote">parent
= signee</span>”</span>).
</p></div></dd><dt><a name="view-expand-all"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Expand All</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>.</strong></span></strong></span>)</span></dt><dd><p><span class="action">Expands all list items in the certificate list
view,</span> <abbr class="abbrev">i.e.</abbr> makes all items visible.</p><p>This is the default when entering hierarchical keylist
mode.</p><p>You can still expand and collapse each individual item by
itself, of course.</p><p>This function is only available when <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a> is on.</p></dd><dt><a name="view-collapse-all"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Collapse All</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>,</strong></span></strong></span>)</span></dt><dd><p><span class="action">Collapses all list items in the certificate list
view,</span> <abbr class="abbrev">i.e.</abbr> hides all but the top-level items.</p><p>You can still expand and collapse each individual item by
itself, of course.</p><p>This function is only available when <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a> is on.</p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menu.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menucertificates.html">Next</a></td></tr><tr><td class="prevCell">Menu Reference </td><td class="upCell">Menu Reference</td><td class="nextCell"> Certificates Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menucertificates.html"><html><head><title>Certificates Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menuview.html" title="View Menu"><link rel="next" href="menutools.html" title="Tools Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Certificates Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuview.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menutools.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menucertificates"></a>Certificates Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="certificates-change-owner-trust"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Owner Trust...</span></span>
</span></dt><dd><p>
<span class="action">Changes the Owner Trust of the selected
<acronym class="acronym">OpenPGP</acronym> certificate.</span>
</p><p>
This function is only available when exactly one
<acronym class="acronym">OpenPGP</acronym> certificate is selected.
</p></dd><dt><a name="certificates-trust-root"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Trust Root Certificate</span></span>
</span></dt><dd><p>
<span class="action">Marks this (<acronym class="acronym">S/MIME</acronym>) root certificate as trusted.</span>
</p><p>
In some ways, this is the equivalent of <a class="xref" href="menucertificates.html#certificates-change-owner-trust">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Owner Trust...</span></span>
</a> for <acronym class="acronym">S/MIME</acronym>
root certificates. You can, however, only choose
between—in <acronym class="acronym">OpenPGP</acronym>
terms—<span class="quote">“<span class="quote">ultimate</span>”</span> trust and
<span class="quote">“<span class="quote">never trust</span>”</span>.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
The backend (by way of <span class="application">GpgAgent</span>) will ask at root
certificate import time whether to trust the imported
root certificate. However, that function must be
explicitly enabled in the backend configuration
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">allow-mark-trusted</code></span> in
<code class="filename">gpg-agent.conf</code>, or either
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">GnuPG System</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guisubmenu">GPG Agent</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Allow clients to mark keys as
"trusted"</span></span> or <a class="link" href="configuration-smime-validation.html#configuration-smime-validation-allow-mark-trusted"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">S/MIME Validation</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Allow to mark root certificates as
trusted</span></span></a> under <a class="xref" href="configuration.html" title="Chapter 5. Configuring Kleopatra">Chapter 5, <i>Configuring <span class="application">Kleopatra</span></i></a>).
</p><p>
Enabling that functionality in the backend can lead to
popups from <span class="application">PinEntry</span> at inopportune times (<abbr class="abbrev">e.g.</abbr> when
verifying signatures), and can thus block unattended
email processing. For that reason, and because it is
desirable to be able to <span class="emphasis"><em>distrust</em></span>
a trusted root certificate again, <span class="application">Kleopatra</span> allows
manual setting of trust.
</p></div><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
Due to lack of backend support for this function,
<span class="application">Kleopatra</span> needs to work directly on the <span class="application">GpgSM</span>
trust database
(<code class="filename">trustlist.txt</code>). When using this
function, make sure no other crypto operations are in
progress that could race with <span class="application">Kleopatra</span> for
modifications to that database.
</p></div><p>
This function is only available when exactly one <acronym class="acronym">S/MIME</acronym>
root certificate is selected, and that certificate is
not yet trusted.
</p><p>
Use <a class="xref" href="menucertificates.html#certificates-distrust-root">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Distrust Root Certificate</span></span>
</a> to undo
this function.
</p></dd><dt><a name="certificates-distrust-root"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Distrust Root Certificate</span></span>
</span></dt><dd><p>
<span class="action">Marks this (<acronym class="acronym">S/MIME</acronym>) root certificate as not trusted.</span>
</p><p>
This function is only available when exactly one <acronym class="acronym">S/MIME</acronym>
root certificate is selected, and that certificate is
currently trusted.
</p><p>
Used to undo <a class="xref" href="menucertificates.html#certificates-trust-root">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Trust Root Certificate</span></span>
</a>. See there for
details.
</p></dd><dt><a name="certificates-certify"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certify Certificate...</span></span>
</span></dt><dd><p>
<span class="action">Allows you to certify another <acronym class="acronym">OpenPGP</acronym>
certificate.</span>
</p><p>
This function is only available if exactly one <acronym class="acronym">OpenPGP</acronym>
certificate is selected.
</p></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Expiry Date...</span></span>
</span></dt><dd><p>
<span class="action">Allows to change the expiry date of your <acronym class="acronym">OpenPGP</acronym> certificate.</span>
</p><p>
Use this function to extend the lifetime of your
<acronym class="acronym">OpenPGP</acronym> certificates as an alternative to either
creating a new one, or using unlimited lifetime
(<span class="quote">“<span class="quote">never expires</span>”</span>).
</p><p>
This function is only available if exactly one <acronym class="acronym">OpenPGP</acronym>
certificate is selected, and the secret key is available
for that certificate.
</p></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Passphrase...</span></span>
</span></dt><dd><p>
<span class="action">Allows to change the passphrase of your secret key.</span>
</p><p>
This function is only available if exactly one
certificate is selected, and the secret key is available
for that certificate. It requires a very recent backend,
since we changed the implementation from direct calling
of <span class="application">GPG</span> and <span class="application">GpgSM</span> to a <span class="application">GpgME</span>-based one.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
For security reasons, both the old as well as the new
passphrase is asked for by <span class="application">PinEntry</span>, a separate
process. Depending on the platform you are running on
and on the quality of the <span class="application">PinEntry</span> implementation on
that platform, it may happen that the <span class="application">PinEntry</span>
window comes up in the background. So, if you select
this function and nothing happens, check the operating
system's task bar in case a <span class="application">PinEntry</span> window is open
in the background.
</p></div></dd><dt><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Add User-ID...</span></span>
</span></dt><dd><p>
<span class="action">Allows to add a new User-ID to your <acronym class="acronym">OpenPGP</acronym> certificate.</span>
</p><p>
Use this to add new identities to an existing
certificate as an alternative to creating a new key
pair. An <acronym class="acronym">OpenPGP</acronym> user-ID has the following form:
</p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Real Name</code></em></span> [<span class="optional">(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Comment</code></em></span>)</span>] <<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Email</code></em></span>></pre><p>
In the dialog that comes up when you select this
function, <span class="application">Kleopatra</span> will ask you for each of the three
parameters (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Real Name</code></em></span>,
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Comment</code></em></span> and
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Email</code></em></span>) separately, and
display the result in a preview.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
These parameters are subject to the
same Administrator restrictions as in new
certificates. See <a class="xref" href="functions-newkey.html" title="Creating New Key Pairs">the section called “Creating New Key Pairs”</a>
and <a class="xref" href="admin.html#admin-certificate-request-wizard" title="Customization of the Certificate-Creation Wizard">the section called “Customization of the Certificate-Creation Wizard”</a>
for details.
</p></div><p>
This function is only available when exactly one
<acronym class="acronym">OpenPGP</acronym> certificate is selected, and the secret key is
available for that certificate.
</p></dd><dt><a name="certificates-delete"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Delete</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Del</strong></span></strong></span>)
</span></dt><dd><p>
<span class="action">Deletes the selected certificates</span> from
the local keyring.
</p><p>
Use this function to remove unused keys from your local
keybox. However, since certificates are typically
attached to signed emails, verifying an email might
result in the key just removed to pop back into the
local keybox. So it is probably best to avoid using this
function as much as possible. When you are lost, use the
<a class="link" href="functions-search.html" title="Searching and Importing Certificates">search bar</a> or
the <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a>
function to regain control over the lot of
certificates.
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
There is one exception to the above: When you delete
one of your own certificates, you delete the secret
key along with it. This implies that you will not be
able to read past communication encrypted to you using
this certificate, unless you have a backup somewhere.
</p><p>
<span class="application">Kleopatra</span> will warn you when you attempt to delete a
secret key.
</p></div><p>
Due to the hierarchical nature of <acronym class="acronym">S/MIME</acronym> certificates,
if you delete an <acronym class="acronym">S/MIME</acronym> issuer certificate (<acronym class="acronym">CA</acronym> certificate),
all subjects are deleted, too.<a href="#ftn.idm687" class="footnote" name="idm687"><sup class="footnote">[1]</sup></a>
</p><p>
Naturally, this function is only available if you
selected at least one certificate.
</p></dd><dt><a name="certificates-dump-certificate"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Dump Certificate</span></span>
</span></dt><dd><p>
<span class="action">Shows all information that <span class="application">GpgSM</span> has about the
selected (<acronym class="acronym">S/MIME</acronym>) certificate.</span>
</p><p>
See the discussion about
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--dump-key <span class="replaceable"><em class="replaceable"><code>key</code></em></span></code></span>
in the <span class="application">GpgSM</span> manual for details about the output.
</p></dd></dl></div><div class="footnotes"><br><hr style="width:100; text-align:left;margin-left: 0"><div id="ftn.idm687" class="footnote"><p><a href="#idm687" class="para"><sup class="para">[1] </sup></a>This is the same as a
filesystem: When you delete a folder, you delete all
files and folders in it, too.</p></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuview.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menutools.html">Next</a></td></tr><tr><td class="prevCell">View Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Tools Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menutools.html"><html><head><title>Tools Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menucertificates.html" title="Certificates Menu"><link rel="next" href="menusettings.html" title="Settings Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Tools Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menucertificates.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menusettings.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menutools"></a>Tools Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="tools-gnupg-log-viewer"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">GnuPG Log Viewer...</span></span>
</span></dt><dd><p>
<span class="action">Starts <a class="ulink" href="help:/kwatchgnupg/index.html" target="_top"><span class="application">KWatchGnuPG</span></a></span>,
a tool to present the debug output of <span class="application">GnuPG</span>
applications. If signing, encryption, or verification
mysteriously stop working, you might find out why by
looking at the log.
</p><p>
This function is not available on <span class="trademark">Windows</span>®, since the
underlying mechanisms are not implemented in the backend
on that platform.
</p></dd><dt><a name="certificates-refresh-openpgp"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh OpenPGP Certificates</span></span>
</span></dt><dd><p>
<span class="action">Refreshes all <acronym class="acronym">OpenPGP</acronym> certificates</span> by executing
</p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpg <span class="option"><code class="option">--refresh-keys</code></span></strong></span></span></pre><p>
After successful completion of the command, your local
keystore will reflect the latest changes with respect to
validity of <acronym class="acronym">OpenPGP</acronym> certificates.
</p><p>
See note under <a class="xref" href="menutools.html#certificates-refresh-x509">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span>
</a> for some caveats.
</p></dd><dt><a name="certificates-refresh-x509"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span>
</span></dt><dd><p>
<span class="action">Refreshes all <acronym class="acronym">S/MIME</acronym> certificates</span> by executing
</p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpgsm <span class="option"><code class="option">-k</code></span> <span class="option"><code class="option">--with-validation</code></span> <span class="option"><code class="option">--force-crl-refresh</code></span> <span class="option"><code class="option">--enable-crl-checks</code></span></strong></span></span></pre><p>
After successful completion of the command, your local
keystore will reflect the latest changes with respect to
validity of <acronym class="acronym">S/MIME</acronym> certificates.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Refreshing <acronym class="acronym">X.509</acronym> or <acronym class="acronym">OpenPGP</acronym> certificates implies
downloading all certificates and <acronym class="acronym">CRL</acronym>s, to check if any
of them have been revoked in the meantime.
</p><p>
This can put a severe strain on your own as well as
other people's network connections, and can take up to
an hour or more to complete, depending on your network
connection, and the number of certificates to check.
</p></div></dd><dt><a name="file-import-crls"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import CRL From File...</span></span>
</span></dt><dd><p>
<span class="action">Lets you manually import <acronym class="acronym">CRL</acronym>s from
files.</span>
</p><p>
Normally, Certificate Revocation Lists (<acronym class="acronym">CRL</acronym>s) are
handled transparently by the backend, but it can
sometimes be useful to import a <acronym class="acronym">CRL</acronym> manually into the
local <acronym class="acronym">CRL</acronym> cache.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
For <acronym class="acronym">CRL</acronym> import to work, the <span class="application">DirMngr</span> tool must be in
the search <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">PATH</code></span>. If this menu item is
disabled, you should contact the system administrator
and ask them to install <span class="application">DirMngr</span>.
</p></div></dd><dt><a name="crls-clear-crl-cache"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Clear CRL Cache</span></span></span></dt><dd><p><span class="action">Clears the <span class="application">GpgSM</span> <acronym class="acronym">CRL</acronym> cache.</span></p><p>You probably never need this. You can force a refresh of the <acronym class="acronym">CRL</acronym>
cache by selecting all certificates and using <a class="xref" href="menutools.html#certificates-refresh-x509">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span>
</a> instead.</p></dd><dt><a name="crls-dump-crl-cache"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Dump CRL Cache</span></span></span></dt><dd><p><span class="action">Shows the detailed contents of the <span class="application">GpgSM</span> <acronym class="acronym">CRL</acronym>
cache.</span></p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menucertificates.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menusettings.html">Next</a></td></tr><tr><td class="prevCell">Certificates Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Settings Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menusettings.html"><html><head><title>Settings Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menutools.html" title="Tools Menu"><link rel="next" href="menuwindow.html" title="Window Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Settings Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menutools.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menuwindow.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menusettings"></a>Settings Menu</h2></div></div></div><p><span class="application">Kleopatra</span> has a default <span class="orgname">KDE</span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Settings</span></span> menu as described in the
<a class="ulink" href="help:/fundamentals/menus.html#menus-settings" target="_top"><span class="orgname">KDE</span> Fundamentals</a>
with one additional entry:</p><div class="variablelist"><dl class="variablelist"><dt><a name="settings-self-test"></a><span class="term">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Settings</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Perform Self-Test</span></span>
</span></dt><dd><p>
<span class="action">Performs a set of self-tests and presents their result.</span>
</p><p>
This is the same set of tests that is run at startup by
default. If you disabled startup-time self-tests, you
can re-enable them here.
</p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menutools.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menuwindow.html">Next</a></td></tr><tr><td class="prevCell">Tools Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Window Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menuwindow.html"><html><head><title>Window Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menusettings.html" title="Settings Menu"><link rel="next" href="menuhelp.html" title="Help Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Window Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menusettings.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menuhelp.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menuwindow"></a>Window Menu</h2></div></div></div><p>The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Window</span></span> menu allows you to manage the tabs.
Using the items in this menu you can rename a tab, add a new tab, duplicate the current tab, close the current tab, and move the current tab to the left or right.</p><p>By clicking with the <span class="mousebutton">right</span> mouse button click on a tab you open a context menu, where you can also select the same actions.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menusettings.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menuhelp.html">Next</a></td></tr><tr><td class="prevCell">Settings Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Help Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menuhelp.html"><html><head><title>Help Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menuwindow.html" title="Window Menu"><link rel="next" href="commandline-options.html" title="Chapter 4. Command Line Options Reference"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Help Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuwindow.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="commandline-options.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menuhelp"></a>Help Menu</h2></div></div></div><p><span class="application">Kleopatra</span> has a default <span class="orgname">KDE</span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Help</span></span> menu as described in the
<a class="ulink" href="help:/fundamentals/menus.html#menus-help" target="_top"><span class="orgname">KDE</span> Fundamentals</a>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuwindow.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="commandline-options.html">Next</a></td></tr><tr><td class="prevCell">Window Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Command Line Options Reference</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-newkey.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menuview.html">Next</a></td></tr><tr><td class="prevCell">Creating New Key Pairs </td><td class="upCell"> </td><td class="nextCell"> View Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="commandline-options.html"><html><head><title>Chapter 4. Command Line Options Reference</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="menuhelp.html" title="Help Menu"><link rel="next" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Command Line Options Reference</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuhelp.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="configuration.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="commandline-options"></a>Chapter 4. Command Line Options Reference</h1></div></div></div><p>Only the options specific to <span class="application">Kleopatra</span> are listed here. As
with all <span class="orgname">KDE</span> applications, you can get a complete list of options
by issuing the command <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kleopatra
<span class="option"><code class="option">--help</code></span></strong></span></span></code></strong>.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--uiserver-socket</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>argument</code></em></span></span></dt><dd><p>Location of the socket the ui server is listening on</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--daemon</code></span></span></dt><dd><p>Run UI server only, hide main window</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-p</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--openpgp</code></span></span></dt><dd><p>Use <acronym class="acronym">OpenPGP</acronym> for the following operation</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--cms</code></span></span></dt><dd><p>Use CMS (<acronym class="acronym">X.509</acronym>, S/<acronym class="acronym">MIME</acronym>) for the following operation</p></dd><dt><a name="commandline-option-import-certificate"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-i</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--import-certificate</code></span></span></dt><dd><p><span class="action">Specifies a file or <acronym class="acronym">URL</acronym> from which to import
certificates (or secret keys) from.</span></p><p>This is the command line equivalent of <a class="xref" href="menu.html#file-import-certificates">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>)
</a>.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-e</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--encrypt</code></span></span></dt><dd><p>Encrypt file(s)</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-s</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--sign</code></span></span></dt><dd><p>Sign file(s)</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-E</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--encrypt-sign</code></span></span></dt><dd><p>Encrypt and/or sign file(s). Same as <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--sign-encrypt</code></span>, do not use</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-d</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--decrypt</code></span></span></dt><dd><p>Decrypt file(s)</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-V</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--verify</code></span></span></dt><dd><p>Verify file/signature</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-D</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--decrypt-verify</code></span></span></dt><dd><p>Decrypt and/or verify file(s)</p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuhelp.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration.html">Next</a></td></tr><tr><td class="prevCell">Help Menu </td><td class="upCell"> </td><td class="nextCell"> Configuring <span class="application">Kleopatra</span></td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration.html"><html><head><title>Chapter 5. Configuring Kleopatra</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="commandline-options.html" title="Chapter 4. Command Line Options Reference"><link rel="next" href="configuration-appearance.html" title="Configuring Appearance"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring <span class="application">Kleopatra</span></div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="commandline-options.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="configuration-appearance.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="configuration"></a>Chapter 5. Configuring <span class="application">Kleopatra</span></h1></div></div></div><p>
<span class="application">Kleopatra</span>'s configure dialog can be accessed via
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Settings</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Configure <span class="application">Kleopatra</span>...</span></span>
</p><p>
Each of its pages is described in the sections below.
</p><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-directory-services"></a>Configuring Directory Services</h2></div></div></div><p>
On this page, you can configure which <acronym class="acronym">LDAP</acronym> servers to use
for <acronym class="acronym">S/MIME</acronym> certificate searches, and which key servers to use
for <acronym class="acronym">OpenPGP</acronym> certificate searches.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
This is simply a more user-friendly version of the same
settings you also find in <a class="xref" href="configuration-gnupg-system.html" title="Configuring the GnuPG System">the section called “Configuring the <span class="application">GnuPG</span> System”</a>. Everything you can
configure here, you can configure there, too.
</p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">A Note On Proxy Settings</h3><p>
Proxy settings can be configured for <acronym class="acronym">HTTP</acronym> and <acronym class="acronym">LDAP</acronym> in
<a class="xref" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation">the section called “Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation”</a>, but only
for <span class="application">GpgSM</span>. For <span class="application">GPG</span>, due to the complexity of keyserver
options in <span class="application">GPG</span> and lack of proper support for them in
<span class="application">GpgConf</span>, you currently need to modify the config file
<code class="filename">gpg.conf</code> directly. Please refer to the
<span class="application">GPG</span> manual for details. <span class="application">Kleopatra</span> will preserve such
settings, but does not yet allow to modify them in the <acronym class="acronym">GUI</acronym>.
</p></div><p>
The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Directory services</span></span> table shows which
servers are currently configured. Double-click on a cell in
the table to change parameters of existing server entries.
</p><p>
The meaning of the columns in the table is as follows:
</p><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-directory-services-scheme"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Scheme</span></span></span></dt><dd><p>
Determines the network protocol which is used to access
the server. Often-used schemes include
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">ldap</span></span> (and its <acronym class="acronym">SSL</acronym>-secured sibling
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">ldaps</span></span>) for <acronym class="acronym">LDAP</acronym> servers (common
protocol for <acronym class="acronym">S/MIME</acronym>; the only one supported by
<span class="application">GpgSM</span>), and <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">hkp</span></span>, the Horowitz
Keyserver Protocol, nowadays usually <acronym class="acronym">HTTP</acronym> Keyserver
Protocol, a <acronym class="acronym">HTTP</acronym>-based protocol that virtually all
public <acronym class="acronym">OpenPGP</acronym> keyservers support.
</p><p>
Please refer to the <span class="application">GPG</span> and <span class="application">GpgSM</span> manuals for a list
of supported schemes.
</p></dd><dt><a name="configuration-directory-services-server-name"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Name</span></span></span></dt><dd><p>
The domain name of the server, <abbr class="abbrev">e.g.</abbr> <code class="systemitem">keys.gnupg.net</code>.
</p></dd><dt><a name="configuration-directory-services-server-port"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Port</span></span></span></dt><dd><p>
The network port the server is listening on.
</p><p>
This changes automatically to the default port when you
change the <a class="xref" href="configuration.html#configuration-directory-services-scheme"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Scheme</span></span></a>,
unless it was set to some non-standard port to begin
with. If you changed the default port and cannot get it
back, try setting <a class="xref" href="configuration.html#configuration-directory-services-scheme"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Scheme</span></span></a> to
<strong class="userinput"><code>http</code></strong> and <a class="xref" href="configuration.html#configuration-directory-services-server-port"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Port</span></span></a>
to <strong class="userinput"><code>80</code></strong> (the default for <acronym class="acronym">HTTP</acronym>),
then take it from there.
</p></dd><dt><a name="configuration-directory-services-base-dn"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Base DN</span></span></span></dt><dd><p>
The Base-<acronym class="acronym">DN</acronym> (only for <acronym class="acronym">LDAP</acronym> and <acronym class="acronym">LDAPS</acronym>), <abbr class="abbrev">i.e.</abbr> the
root of the <acronym class="acronym">LDAP</acronym> hierarchy to start from. This is
often also called <span class="quote">“<span class="quote">search root</span>”</span> or
<span class="quote">“<span class="quote">search base</span>”</span>.
</p><p>
It usually looks like <strong class="userinput"><code>c=de,o=Foo</code></strong>,
given as part of the <acronym class="acronym">LDAP</acronym> <acronym class="acronym">URL</acronym>.
</p></dd><dt><a name="configuration-directory-services-user-name"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">User Name</span></span></span></dt><dd><p>
The user name, if any, to use for logging into the
server.
</p><p>
This column is only shown if the option <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show
user and password information</span></span> (below the
table) is checked.
</p></dd><dt><a name="configuration-directory-services-password"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Password</span></span></span></dt><dd><p>
The password, if any, to use for logging into the
server.
</p><p>
This column is only shown if the option <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show
user and password information</span></span> (below the
table) is checked.
</p></dd><dt><a name="configuration-directory-services-x509"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">X.509</span></span></span></dt><dd><p>
Check this column if this entry should be used for
<acronym class="acronym">X.509</acronym> (<acronym class="acronym">S/MIME</acronym>) certificate searches.
</p><p>
Only <acronym class="acronym">LDAP</acronym> (and <acronym class="acronym">LDAPS</acronym>) servers are supported for
<acronym class="acronym">S/MIME</acronym>.
</p></dd><dt><a name="configuration-directory-services-openpgp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OpenPGP</span></span></span></dt><dd><p>
Check this column if this entry should be used for
<acronym class="acronym">OpenPGP</acronym> certificate searches.
</p></dd></dl></div><p>
You can configure as many <acronym class="acronym">S/MIME</acronym> (<acronym class="acronym">X.509</acronym>) servers as you
want, but only one <acronym class="acronym">OpenPGP</acronym> server is allowed at any
time. The <acronym class="acronym">GUI</acronym> will enforce this.
</p><p>
To add a new server, click on the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">New</span></span>
button. This duplicates the selected entry, if any, or else
inserts a default <acronym class="acronym">OpenPGP</acronym> server. Then you can set the
<a class="xref" href="configuration.html#configuration-directory-services-server-name"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Name</span></span></a>, the
<a class="xref" href="configuration.html#configuration-directory-services-server-port"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Port</span></span></a>, the
<a class="xref" href="configuration.html#configuration-directory-services-base-dn"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Base DN</span></span></a>, and the
usual <a class="xref" href="configuration.html#configuration-directory-services-password"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Password</span></span></a> and
<a class="xref" href="configuration.html#configuration-directory-services-user-name"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">User Name</span></span></a>,
both of which are only needed if the server requires
authentication.
</p><p>
To directly insert an entry for <acronym class="acronym">X.509</acronym> certificates, use
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">New</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">X.509</span></span>; use
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">New</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">OpenPGP</span></span> for
<acronym class="acronym">OpenPGP</acronym>.
</p><p>
To remove a server from the search list, select it in the
list, then press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Delete</span></span> button.
</p><p>
To set the <acronym class="acronym">LDAP</acronym> timeout, <abbr class="abbrev">i.e.</abbr> the maximum time the backend
will wait for a server to respond, simply use the
corresponding input field labeled <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">LDAP timeout
(minutes:seconds)</span></span>.
</p><p>
If one of your servers has a large database, so that even
reasonable searches like <strong class="userinput"><code>Smith</code></strong> hit the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">maximum number of items returned by
query</span></span>, you might want to increase this limit. You
can find out easily if you hit the limit during a search,
since a dialog box will pop up in that case, telling you that
the results have been truncated.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Some servers may impose their own limits on the number of
items returned from a query. In this case, increasing the
limit here will not result in more returned
items.
</p></div></div><FILENAME filename="configuration-appearance.html"><html><head><title>Configuring Appearance</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="next" href="configuration-crypto-operations.html" title="Configuring Crypto Operations"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Appearance</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="configuration-crypto-operations.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-appearance"></a>Configuring Appearance</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-appearance-tooltips"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Tooltips</span></span></h3></div></div></div><p>
In the main certificate list, <span class="application">Kleopatra</span> can show details
about a certificate in a tooltip. The information displayed
is the same as in the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Overview</span></span> tab of the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Certificate Details</span></span>
dialog. Tooltips, however, can be restricted to
show only a subset of information for a less verbose
experience.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key-ID</span></span> is
<span class="emphasis"><em>always</em></span> shown. This is to ensure that
tooltips for different certificates do, in fact, differ
(this is especially important if only <a class="xref" href="configuration-appearance.html#tooltips-validity"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show validity</span></span></a> has been selected).
</p></div><p>
You can independently enable or disable the following
information sets:
</p><div class="variablelist"><dl class="variablelist"><dt><a name="tooltips-validity"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show validity</span></span></span></dt><dd><p>
Shows information about the validity of a certificate:
its current status, issuer-<acronym class="acronym">DN</acronym> (<acronym class="acronym">S/MIME</acronym> only), expiry
dates (if any) and certificate usage flags.
</p><p>
Example:
</p><pre class="programlisting">This certificate is currently valid.
Issuer: CN=Test-ZS 7,O=Intevation GmbH,C=DE
Validity: from 25.08.2009 10:42 through 19.10.2010 10:42
Certificate usage: Signing EMails and Files, Encrypting EMails and Files
Key-ID: DC9D9E43</pre><p>
</p></dd><dt><a name="tooltips-owner"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show owner information</span></span></span></dt><dd><p>
Shows information about the owner of the certificate:
subject-<acronym class="acronym">DN</acronym> (<acronym class="acronym">S/MIME</acronym> only), user-IDs (including
emails addresses) and ownertrust (<acronym class="acronym">OpenPGP</acronym> only).
</p><p>
<acronym class="acronym">OpenPGP</acronym> example:
</p><pre class="programlisting">User-ID: Gpg4winUserA <gpg4winusera@test.hq>
Key-ID: C6BF6664
Ownertrust: ultimate</pre><p>
<acronym class="acronym">S/MIME</acronym> example:
</p><pre class="programlisting">Subject: CN=Gpg4winTestuserA,OU=Testlab,O=Gpg4win Project,C=DE
a.k.a.: Gpg4winUserA@test.hq
Key-ID: DC9D9E43</pre><p>
</p></dd><dt><a name="tooltips-details"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show technical details</span></span></span></dt><dd><p>
Shows technical information about the certificate:
serial number (<acronym class="acronym">S/MIME</acronym> only), type, fingerprint and storage location.
</p><p>
Example:
</p><pre class="programlisting">Serial Number: 27
Certificate type: 1,024-bit RSA (secret certificate available)
Key-ID: DC9D9E43
Fingerprint: 854F62EEEBB41BFDD3BE05D124971E09DC9D9E43
Stored: on this computer</pre><p>
</p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-appearance-certificate-filters"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Certificate Categories</span></span></h3></div></div></div><p>
<span class="application">Kleopatra</span> allows you to customize the appearance of
certificates in the list view. This includes showing a small
icon, but you can also influence the foreground (text) and
background colors, as well as the font.
</p><p>
Each certificate category in the list is assigned a set of
colors, an icon (optional) and a font in which certificates
from that category are displayed. The category list also
acts as a preview of the settings. Categories can be freely
defined by the administrator or the power user, see <a class="xref" href="admin-key-filters.html" title="Creating and Editing Key Categories">the section called “Creating and Editing Key Categories”</a> in <a class="xref" href="admin.html" title="Chapter 6. Administrator's Guide">Chapter 6, <i>Administrator's Guide</i></a>.
</p><p>
To set or change the icon of a category, select it in the
list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Icon...</span></span>
button. The standard <span class="orgname">KDE</span> icon selection dialog will appear
where you can select an existing icon from the <span class="orgname">KDE</span>
collection, or load a custom one.
</p><p>
To remove an icon again, you need to press the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Default Appearance</span></span> button.
</p><p>
To change the text (<abbr class="abbrev">i.e.</abbr> foreground) color of a category,
select it in the list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Text
Color...</span></span> button. The standard <span class="orgname">KDE</span> color
selection dialog will appear where you can select an
existing color or create a new one.
</p><p>
Changing the background color is done in the same way, just press
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Background Color...</span></span> instead.
</p><p>
To change the font, you basically have two options:
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
Modify the standard font, used for all list views in
<span class="orgname">KDE</span>.
</p></li><li class="listitem"><p>
Use a custom font.
</p></li></ol></div><p>
The first option has the advantage that the font will follow
whichever style you choose <span class="orgname">KDE</span>-wide, whereas the latter
gives you full control over the font to use. The choice is
yours.
</p><p>
To use the modified standard font, select the category in the
list, and check or uncheck the font modifiers
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Italic</span></span>, <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Bold</span></span>, and/or
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Strikeout</span></span>. You can immediately see the effect on
the font in the category list.
</p><p>
To use a custom font, press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set
Font...</span></span> button. The standard <span class="orgname">KDE</span> font
selection dialog will appear where you can select the new
font.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
You can still use the font modifiers to change the custom
font, just as for modifying the standard font.
</p></div><p>
To switch back to the standard font, you need to press the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Default Appearance</span></span> button.
</p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-dn-order"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">DN-Attribute Order</span></span></h3></div></div></div><p>Although <acronym class="acronym">DN</acronym>s are hierarchical, the order of the individual
components (called relative <acronym class="acronym">DN</acronym>s (RDNs), or <acronym class="acronym">DN</acronym> attributes) is not
defined. The order in which the attributes are shown is thus a matter
of personal taste or company policy, which is why it is configurable in
<span class="application">Kleopatra</span>.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This setting does not only apply to <span class="application">Kleopatra</span>, but to all
applications using <span class="application">Kleopatra</span> Technology. At the time of this
writing, these include <span class="application">KMail</span>, <span class="application">KAddressBook</span>, as well as <span class="application">Kleopatra</span>
itself, of course.</p></div><p>This configuration page basically consists of two lists, one for
the known attributes (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Available attributes</span></span>), and
one describing the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span>.</p><p>Both lists contain entries described by the short form of the
attribute (<abbr class="abbrev">e.g.</abbr> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">CN</span></span>) as well as the spelled-out
form (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Common Name</span></span>).</p><p>The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Available attributes</span></span> list is always
sorted alphabetically, while the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute
order</span></span> list's order reflects the configured <acronym class="acronym">DN</acronym> attribute
order: the first attribute in the list is also the one displayed
first.</p><p>Only attributes explicitly listed in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current
attribute order</span></span> list are displayed at all. The rest is
hidden by default.</p><p>However, if the placeholder entry <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">_X_</span></span>
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">All others</span></span>) is in the <span class="quote">“<span class="quote">current</span>”</span>
list, all unlisted attributes (whether known or not), are inserted at
the point of <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">_X_</span></span>, in their original relative
order.</p><p>A small example will help to make this more clear:</p><div class="informalexample"><p>Given the <acronym class="acronym">DN</acronym></p><div class="blockquote"><blockquote class="blockquote"><p>
O=<span class="orgname">KDE</span>, C=US, CN=Dave Devel, X-BAR=foo, OU=<span class="application">Kleopatra</span>, X-FOO=bar,
</p></blockquote></div><p>the default attribute order of <span class="quote">“<span class="quote">CN, L, _X_, OU, O,
C</span>”</span> will produce the following formatted <acronym class="acronym">DN</acronym>:</p><div class="blockquote"><blockquote class="blockquote"><p>
CN=Dave Devel, X-BAR=foo, X-FOO=bar, OU=<span class="application">Kleopatra</span>, O=<span class="orgname">KDE</span>, C=US
</p></blockquote></div><p>while <span class="quote">“<span class="quote">CN, L, OU, O, C</span>”</span> will produce</p><div class="blockquote"><blockquote class="blockquote"><p>
CN=Dave Devel, OU=<span class="application">Kleopatra</span>, O=<span class="orgname">KDE</span>, C=US
</p></blockquote></div></div><p>To add an attribute to the display order list, select it in the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Available attributes</span></span> list, and press the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Add to current attribute order</span></span> button.</p><p>To remove an attribute from the display order list, select it in
the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list, and press the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Remove from current attribute order</span></span> button.</p><p>To move an attribute to the beginning (end), select it in the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list, and press the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move to top</span></span> (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move to bottom</span></span>)
button.</p><p>To move an attribute up (down) one slot only, select it in the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list, and press the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move one up</span></span> (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move one down</span></span>)
button.</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-crypto-operations.html">Next</a></td></tr><tr><td class="prevCell">Configuring <span class="application">Kleopatra</span> </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Configuring Crypto Operations</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration-crypto-operations.html"><html><head><title>Configuring Crypto Operations</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration-appearance.html" title="Configuring Appearance"><link rel="next" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Crypto Operations</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-appearance.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="configuration-smime-validation.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-crypto-operations"></a>Configuring Crypto Operations</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-crypto-operations-email"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">EMail Operations</span></span></h3></div></div></div><p>
Here you can configure some aspects of the email operations
of <span class="application">Kleopatra</span>'s UiServer. Currently, you can only
configure whether or not to use <span class="quote">“<span class="quote">Quick Mode</span>”</span> for
signing and encrypting emails, individually.
</p><p>
When <span class="quote">“<span class="quote">Quick Mode</span>”</span> is enabled, no dialog is
shown when signing (encrypting) emails, respectively, unless
there is a conflict that needs manual resolution.
</p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-crypto-operations-file"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">File Operations</span></span></h3></div></div></div><p>
Here you can configure some aspects of the file operations
of <span class="application">Kleopatra</span>'s UiServer. Currently, you can only choose
the checksum program to use for <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>CHECKSUM_CREATE_FILES</strong></span></span>.
</p><p>
Use <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Checksum program to use</span></span> to choose
which of the configured checksum programs should be used
when creating checksum files.
</p><p>
When verifying checksums, the program to use is
automatically found, based on the names of the checksum files
found.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
The administrator and power user can completely define
which checksum programs to make available to <span class="application">Kleopatra</span>
through so-called <span class="quote">“<span class="quote">Checksum Definitions</span>”</span> in
the config file. See <a class="xref" href="admin-checksum-definitions.html" title="Configuring Checksum Programs for Use with Create/Verify Checksums">the section called “Configuring Checksum Programs for Use with Create/Verify Checksums”</a>
in <a class="xref" href="admin.html" title="Chapter 6. Administrator's Guide">Chapter 6, <i>Administrator's Guide</i></a> for details.
</p></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-appearance.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-smime-validation.html">Next</a></td></tr><tr><td class="prevCell">Configuring Appearance </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration-smime-validation.html"><html><head><title>Configuring aspects of S/MIME Validation</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration-crypto-operations.html" title="Configuring Crypto Operations"><link rel="next" href="configuration-gnupg-system.html" title="Configuring the GnuPG System"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-crypto-operations.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="configuration-gnupg-system.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-smime-validation"></a>Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</h2></div></div></div><p>
On this page, you can configure certain aspects of the
validation of <acronym class="acronym">S/MIME</acronym> certificates.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
For the most part, this is simply a more user-friendly
version of the same settings you also find in
<a class="xref" href="configuration-gnupg-system.html" title="Configuring the GnuPG System">the section called “Configuring the <span class="application">GnuPG</span> System”</a>. Everything you
can configure here, you can configure there, too, with the
exception of
<a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-refresh-interval"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Check certificate validity every
<span class="replaceable"><em class="replaceable"><code>N</code></em></span> hours</span></span></a>,
which is <span class="application">Kleopatra</span>-specific.
</p></div><p>
The meaning of the options is as follows:
</p><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-interval-checking"></a>Configuring interval certificate checking</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-refresh-interval"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Check certificate validity every
<span class="replaceable"><em class="replaceable"><code>N</code></em></span> hours</span></span></span></dt><dd><p>
This option enables interval checking of certificate
validity. You can also choose the checking interval (in
hours). The effect of interval checking is the same as
<a class="xref" href="menuview.html#view-redisplay">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Redisplay</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>F5</strong></span></strong></span>)
</a>; there is no provision
for interval scheduling of <a class="xref" href="menutools.html#certificates-refresh-openpgp">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh OpenPGP Certificates</span></span>
</a> or <a class="xref" href="menutools.html#certificates-refresh-x509">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span>
</a>.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Validation is performed implicitly whenever significant
files in <code class="filename">~/.gnupg</code> change. This
option, just like <a class="xref" href="menutools.html#certificates-refresh-openpgp">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh OpenPGP Certificates</span></span>
</a>
and <a class="xref" href="menutools.html#certificates-refresh-x509">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span>
</a>, therefore only
affects external factors of certificate validity.
</p></div></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-method"></a>Configuring validation method</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-use-crls"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates using CRLs</span></span></span></dt><dd><p>
If this option is selected, <acronym class="acronym">S/MIME</acronym> certificates are
validated using Certificate Revocation Lists (<acronym class="acronym">CRL</acronym>s).
</p><p>
See <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-use-ocsp"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates online (OCSP)</span></span></a>
for alternative method of certificate validity checking.
</p></dd><dt><a name="configuration-smime-validation-use-ocsp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates online (OCSP)</span></span></span></dt><dd><p>
If this option is selected, <acronym class="acronym">S/MIME</acronym> certificates are
validated online using the Online Certificates Status
Protocol (<acronym class="acronym">OCSP</acronym>).
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
When choosing this method, a request is sent to the
server of the <acronym class="acronym">CA</acronym> more or less each time you send or
receive a cryptographic message, thus theoretically
allowing the certificate issuing agency to track whom
you exchange (<abbr class="abbrev">e.g.</abbr>) mails with.
</p></div><p>
To use this method, you need to enter the <acronym class="acronym">URL</acronym> of the
<acronym class="acronym">OCSP</acronym> responder into <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-ocsp-url"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OCSP responder URL</span></span></a>.
</p><p>
See <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-use-ocsp"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates online (OCSP)</span></span></a>
for a more traditional method of certificate validity
checking that does not leak information about whom you
exchange messages with.
</p></dd><dt><a name="configuration-smime-validation-ocsp-url"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OCSP responder URL</span></span></span></dt><dd><p>
Enter here the address of the server for online
validation of certificates (<acronym class="acronym">OCSP</acronym> responder). The <acronym class="acronym">URL</acronym>
usually starts with <code class="literal">http://</code>.
</p></dd><dt><a name="configuration-smime-validation-ocsp-signature"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OCSP responder signature</span></span></span></dt><dd><p>
Choose here the certificate with which the <acronym class="acronym">OCSP</acronym> server
signs its replies.
</p></dd><dt><a name="configuration-smime-validation-ocsp-ignore-service-url"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Ignore service URL of certificates</span></span></span></dt><dd><p>
Each <acronym class="acronym">S/MIME</acronym> certificate usually contains the <acronym class="acronym">URL</acronym> of
its issuer's <acronym class="acronym">OCSP</acronym> responder (<a class="xref" href="menucertificates.html#certificates-dump-certificate">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Dump Certificate</span></span>
</a> will reveal
whether a given certificate contains it).
</p><p>
Checking this option makes <span class="application">GpgSM</span> ignore those <acronym class="acronym">URL</acronym>s
and only use the one configured above.
</p><p>
Use this to <abbr class="abbrev">e.g.</abbr> enforce use of a company-wide <acronym class="acronym">OCSP</acronym>
proxy.
</p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-options"></a>Configuring validation options</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-dont-check-cert-policy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Do not check certificate policies</span></span></span></dt><dd><p>
By default, <span class="application">GpgSM</span> uses the file
<code class="filename">~/.gnupg/policies.txt</code> to check if a
certificate policy is allowed. If this option is
selected, policies are not checked.
</p></dd><dt><a name="configuration-smime-validation-never-consult-crl"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Never consult a CRL</span></span></span></dt><dd><p>
If this option is checked, Certificate Revocation Lists
are never used to validate <acronym class="acronym">S/MIME</acronym> certificates.
</p></dd><dt><a name="configuration-smime-validation-allow-mark-trusted"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Allow to mark root certificates as trusted</span></span></span></dt><dd><p>
If this option is checked while a root <acronym class="acronym">CA</acronym> certificate is
being imported, you will be asked to confirm its
fingerprint and to state whether or not you consider this
root certificate to be trusted.
</p><p>
A root certificate needs to be trusted before the
certificates it certified become trusted, but lightly
allowing trusted root certificates into your certificate
store will undermine the security of the system.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Enabling this functionality in the backend can lead to
popups from <span class="application">PinEntry</span> at inopportune times (<abbr class="abbrev">e.g.</abbr> when
verifying signatures), and can thus block unattended
email processing. For that reason, and because it is
desirable to be able to <span class="emphasis"><em>distrust</em></span>
a trusted root certificate again, <span class="application">Kleopatra</span> allows
manual setting of trust using
<a class="xref" href="menucertificates.html#certificates-trust-root">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Trust Root Certificate</span></span>
</a> and
<a class="xref" href="menucertificates.html#certificates-distrust-root">
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Distrust Root Certificate</span></span>
</a>.
</p><p>
This setting here does not influence the <span class="application">Kleopatra</span>
function.
</p></div></dd><dt><a name="configuration-smime-validation-fetch-missing-issuers"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Fetch missing issuer certificates</span></span></span></dt><dd><p>
If this option is checked, missing issuer certificates
are fetched when necessary (this applies to both
validation methods, <acronym class="acronym">CRL</acronym>s and <acronym class="acronym">OCSP</acronym>).
</p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-http-options"></a>Configuring <acronym class="acronym">HTTP</acronym> request options</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-disable-http"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Do not perform any HTTP requests</span></span></span></dt><dd><p>
Entirely disables the use of <acronym class="acronym">HTTP</acronym> for <acronym class="acronym">S/MIME</acronym>.
</p></dd><dt><a name="configuration-smime-validation-ignore-http-dp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Ignore HTTP CRL distribution point of certificates</span></span></span></dt><dd><p>
When looking for the location of a <acronym class="acronym">CRL</acronym>, the
to-be-tested certificate usually contains what are
known as <span class="quote">“<span class="quote"><acronym class="acronym">CRL</acronym> Distribution Point</span>”</span>
(<acronym class="acronym">DP</acronym>) entries, which are <acronym class="acronym">URL</acronym>s
describing the way to access the <acronym class="acronym">CRL</acronym>. The first-found
<acronym class="acronym">DP</acronym> entry is used.
</p><p>
With this option, all entries using the <acronym class="acronym">HTTP</acronym> scheme
are ignored when looking for a suitable
<acronym class="acronym">DP</acronym>.
</p></dd><dt><a name="configuration-smime-validation-honor-http-proxy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Use system HTTP proxy</span></span></span></dt><dd><p>
If this option is selected, the value of the <acronym class="acronym">HTTP</acronym>
proxy shown on the right (which comes from the
environment variable <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">http_proxy</code></span>) will
be used for any <acronym class="acronym">HTTP</acronym> request.
</p></dd><dt><a name="configuration-smime-validation-custom-http-proxy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Use this proxy for HTTP requests</span></span></span></dt><dd><p>
If no system proxy is set, or you need to use a
different proxy for <span class="application">GpgSM</span>, you can enter its
location here.
</p><p>
It will be used for all <acronym class="acronym">HTTP</acronym> requests relating to
S/<acronym class="acronym">MIME</acronym>.
</p><p>
The syntax is
<strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span><code class="literal">:</code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span></code></strong>,
<abbr class="abbrev">e.g.</abbr> <strong class="userinput"><code>myproxy.nowhere.com:3128</code></strong>.
</p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-ldap-options"></a>Configuring <acronym class="acronym">LDAP</acronym> request options</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-disable-ldap"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Do not perform any LDAP requests</span></span></span></dt><dd><p>
Entirely disables the use of <acronym class="acronym">LDAP</acronym> for <acronym class="acronym">S/MIME</acronym>.
</p></dd><dt><a name="configuration-smime-validation-ignore-ldap-dp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Ignore LDAP CRL distribution point of certificates</span></span></span></dt><dd><p>
When looking for the location of a <acronym class="acronym">CRL</acronym>, the
to-be-tested certificate usually contains what are
known as "<acronym class="acronym">CRL</acronym> Distribution Point"
(<acronym class="acronym">DP</acronym>) entries, which are <acronym class="acronym">URL</acronym>s
describing the way to access the <acronym class="acronym">CRL</acronym>. The first
found <acronym class="acronym">DP</acronym> entry is used.
</p><p>
With this option, all entries using the <acronym class="acronym">LDAP</acronym> scheme
are ignored when looking for a suitable
<acronym class="acronym">DP</acronym>.
</p></dd><dt><a name="configuration-smime-validation-custom-ldap-proxy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Primary host for LDAP requests</span></span></span></dt><dd><p>
Entering an <acronym class="acronym">LDAP</acronym> server here will make all <acronym class="acronym">LDAP</acronym>
requests go to that server first. More precisely, this
setting overrides any specified
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span> and
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span> part in an <acronym class="acronym">LDAP</acronym>
<acronym class="acronym">URL</acronym> and will also be used if
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span> and
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span> have been omitted from
the <acronym class="acronym">URL</acronym>.
</p><p>
Other <acronym class="acronym">LDAP</acronym> servers will be used only if the
connection to the <span class="quote">“<span class="quote">proxy</span>”</span> failed. The
syntax is
<strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span></code></strong>
or
<strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span><code class="literal">:</code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span></code></strong>. If
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span> is omitted, port 389
(standard <acronym class="acronym">LDAP</acronym> port) is used.
</p></dd></dl></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-crypto-operations.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-gnupg-system.html">Next</a></td></tr><tr><td class="prevCell">Configuring Crypto Operations </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Configuring the <span class="application">GnuPG</span> System</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration-gnupg-system.html"><html><head><title>Configuring the GnuPG System</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation"><link rel="next" href="admin.html" title="Chapter 6. Administrator's Guide"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring the <span class="application">GnuPG</span> System</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-smime-validation.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="admin.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-gnupg-system"></a>Configuring the <span class="application">GnuPG</span> System</h2></div></div></div><p>
This part of the dialog is auto-generated from the output of
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpgconf <span class="option"><code class="option">--list-components</code></span></strong></span></span>
and, for each <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>component</code></em></span> that the
above command returns, the output of <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpgconf
<span class="option"><code class="option">--list-options</code></span>
<span class="replaceable"><em class="replaceable"><code>component</code></em></span></strong></span></span>.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
The most useful of these options have been duplicated as
separate pages in the <span class="application">Kleopatra</span> config dialog. See <a class="xref" href="configuration.html#configuration-directory-services" title="Configuring Directory Services">the section called “Configuring Directory Services”</a> and <a class="xref" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation">the section called “Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation”</a> for the two
dialog pages which contain selected options from this part
of the dialog.
</p></div><p>
The exact content of this part of the dialog depends on the
version of the <span class="application">GnuPG</span> backend you have installed and,
potentially, the platform you run on. Thus, we will only
discuss the general layout of the dialog, including the
mapping from <span class="application">GpgConf</span> option to <span class="application">Kleopatra</span> <acronym class="acronym">GUI</acronym> control.
</p><p>
<span class="application">GpgConf</span> returns configuration information for multiple
components. Inside each component, individual options are
combined into groups.
</p><p>
<span class="application">Kleopatra</span> displays one tab per component reported by
<span class="application">GpgConf</span>; groups are headed by a horizontal line displaying
the group name as returned from <span class="application">GpgConf</span>.
</p><p>
Each <span class="application">GpgConf</span> option has a type. Except for certain
well-known options which <span class="application">Kleopatra</span> backs with specialised
controls for a better user experience, the mapping between
<span class="application">GpgConf</span> types and <span class="application">Kleopatra</span> controls is as follows:
</p><div class="table"><a name="table-gpgconf-types"></a><p class="title"><b>Table 5.1. Mapping From <span class="application">GpgConf</span> Types To <acronym class="acronym">GUI</acronym> Controls</b></p><div class="table-contents"><table class="table" summary="Mapping From GpgConf Types To GUI Controls" border="1"><colgroup><col class="type"><col align="center" class="lists"><col align="center" class="non-lists"></colgroup><thead><tr><th rowspan="2"><span class="application">GpgConf</span> type</th><th colspan="2" align="center"><span class="application">Kleopatra</span> control</th></tr><tr><th align="center">for lists</th><th align="center">for non-lists</th></tr></thead><tbody><tr><td><code class="literal">none</code></td><td align="center">Spinbox (<span class="quote">“<span class="quote">count</span>”</span>-semantics)</td><td align="center">Checkbox</td></tr><tr><td><code class="literal">string</code></td><td align="center"><acronym class="acronym">N/A</acronym></td><td align="center">Lineedit</td></tr><tr><td><code class="literal">int32</code></td><td rowspan="2" align="center">Lineedit (unformatted)</td><td rowspan="2" align="center">Spinbox</td></tr><tr><td><code class="literal">uint32</code></td></tr><tr><td><code class="literal">pathname</code></td><td align="center"><acronym class="acronym">N/A</acronym></td><td align="center">specialised control</td></tr><tr><td><code class="literal">ldap server</code></td><td align="center">specialised control</td><td align="center"><acronym class="acronym">N/A</acronym></td></tr><tr><td><code class="literal">key fingerprint</code></td><td rowspan="4" colspan="2" align="center"><acronym class="acronym">N/A</acronym></td></tr><tr><td><code class="literal">pub key</code></td></tr><tr><td><code class="literal">sec key</code></td></tr><tr><td><code class="literal">alias list</code></td></tr></tbody></table></div></div><br class="table-break"><p>
See the <span class="application">GpgConf</span> manual for more information about what you
can configure here, and how.
</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-smime-validation.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin.html">Next</a></td></tr><tr><td class="prevCell">Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Administrator's Guide</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="commandline-options.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-appearance.html">Next</a></td></tr><tr><td class="prevCell">Command Line Options Reference </td><td class="upCell"> </td><td class="nextCell"> Configuring Appearance</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="admin.html"><html><head><title>Chapter 6. Administrator's Guide</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="configuration-gnupg-system.html" title="Configuring the GnuPG System"><link rel="next" href="admin-key-filters.html" title="Creating and Editing Key Categories"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Administrator's Guide</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-gnupg-system.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="admin-key-filters.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="admin"></a>Chapter 6. Administrator's Guide</h1></div></div></div><p>This Administrator's Guide describes ways to customize <span class="application">Kleopatra</span> that
are not accessible via the <acronym class="acronym">GUI</acronym>, but only via config files.</p><p>It is assumed that the reader is familiar with the technology
used for <span class="orgname">KDE</span> application configuration, including layout,
file system location and cascading of <span class="orgname">KDE</span> config files, as well as
the KIOSK framework.</p><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-certificate-request-wizard"></a>Customization of the Certificate-Creation Wizard</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="admin-certificate-request-wizard-dn"></a>Customizing the <acronym class="acronym">DN</acronym> fields</h3></div></div></div><p><span class="application">Kleopatra</span> allows you to customize the fields that the user is
allowed to enter in order to create their certificate.</p><p>Create a group called
<code class="literal">CertificateCreationWizard</code> in the system-wide
<code class="filename">kleopatrarc</code>. If you want a custom order of
attributes or if you only want certain items to appear, create a key
called <code class="varname">DNAttributeOrder</code>. The argument is one or
more of <code class="varname">CN,SN,GN,L,T,OU,O,PC,C,SP,DC,BC,EMAIL</code> If
you want to initialize fields with a certain value, write something like
Attribute=value. If you want the attribute to be treated as a required
one, append an exclamation mark
(e.g. <code class="varname">CN!,L,OU,O!,C!,EMAIL!</code>, which happens to be
the default configuration).</p><p> Using the <acronym class="acronym">KIOSK</acronym> mode modifier
<code class="varname">$e</code> allows to retrieve the values from
environment variables or from an evaluated script or binary. If you
want to disallow editing of the respective field in addition, use the
modifier <code class="varname">$i</code>. If you want to disallow the use
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Insert My Address</span></span> button, set
<code class="varname">ShowSetWhoAmI</code> to false.</p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Tip</h3><p> Due to the nature of the <span class="orgname">KDE</span> <acronym class="acronym">KIOSK</acronym>
framework, using the immutable flag (<code class="varname">$i</code>) makes it
impossible for the user to override the flag. This is intended
behavior. <code class="varname">$i</code> and <code class="varname">$e</code> can be used
with all other config keys in <span class="orgname">KDE</span> applications as well.</p></div><p>The following example outlines possible customizations:</p><p>
</p><pre class="programlisting">
[CertificateCreationWizard]
;Disallow to copy personal data from the addressbook, do not allow local override
ShowSetWhoAmI[$i]=false
;sets the user name to $USER
CN[$e]=$USER
;sets the company name to "My Company", disallows editing
O[$i]=My Company
;sets the department name to a value returned by a script
OU[$ei]=$(lookup_dept_from_ip)
; sets country to DE, but allows for changes by the user
C=DE
</pre><p>
</p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="admin-certificate-request-wizard-keys"></a>Restricting the Types of Keys a User is Allowed to Create</h3></div></div></div><p>
<span class="application">Kleopatra</span> also allows to restrict which type of
certificates a user is allowed to create. Note, however,
that an easy way around these restrictions is to just create
one on the command line.
</p><div class="sect3"><div class="titlepage"><div><div><h4 class="title"><a name="admin-certificate-request-wizard-keys-type"></a>Public Key Algorithms</h4></div></div></div><p>
To restrict the public key algorithm to use, add the
config key <code class="varname">PGPKeyType</code> (and
<code class="varname">CMSKeyType</code>, but only
<acronym class="acronym">RSA</acronym> is supported for
<acronym class="acronym">CMS</acronym> anyway) to the
<code class="literal">CertificateCreationWizard</code> section of
<code class="filename">kleopatrarc</code>.
</p><p>
The allowed values are <code class="literal">RSA</code> for
<acronym class="acronym">RSA</acronym> keys, <code class="literal">DAS</code> for
<acronym class="acronym">DSA</acronym> (sign-only) keys, and
<code class="literal">DSA+ELG</code> for a <acronym class="acronym">DSA</acronym>
(sign-only) key with an Elgamal subkey for encryption.
</p><p>
The default is read from <span class="application">GpgConf</span> or else
<code class="literal">RSA</code> if <span class="application">GpgConf</span> doesn't provide a
default.
</p></div><div class="sect3"><div class="titlepage"><div><div><h4 class="title"><a name="admin-certificate-request-wizard-keys-size"></a>Public Key Size</h4></div></div></div><p>
To restrict the available keys sizes for a public
algorithm, add the config key
<code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code><ALG></code></em></span>KeySizes</code>
(where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ALG</code></em></span> may be
<code class="literal">RSA</code>, <code class="literal">DSA</code> or
<code class="literal">ELG</code>) to the
<code class="literal">CertificateCreationWizard</code> section of
<code class="filename">kleopatrarc</code>, containing a
comma-separated list of keysizes (in bits). A default may
be indicated by prefixing the keysize with a hyphen
(<code class="literal">-</code>).
</p><p>
</p><pre class="programlisting">
RSAKeySizes = 1536,-2048,3072
</pre><p>
</p><p>
The above would restrict allowed <acronym class="acronym">RSA</acronym>
key sizes to 1536, 2048 and 3072, with 2048 the default.
</p><p>
In addition to the sizes themselves, you may also specify
labels for each of the sizes. Simply set the config key
<code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ALG</code></em></span>KeySizeLabels</code>
to a comma-separated list of labels.
</p><p>
</p><pre class="programlisting">
RSAKeySizeLabels = weak,normal,strong
</pre><p>
</p><p>
The above, in connection with the previous example, would
print something like the following options for selection:
</p><pre class="programlisting">
weak (1536 bits)
normal (2048 bits)
strong (3072 bits)
</pre><p>
</p><p>
The defaults are as if the following was in effect:
</p><pre class="programlisting">
RSAKeySizes = 1536,-2048,3072,4096
RSAKeySizeLabels =
DSAKeySizes = -1024,2048
DSAKeySizeLabels = v1,v2
ELGKeySizes = 1536,-2048,3072,4096
</pre><p>
</p></div></div></div><FILENAME filename="admin-key-filters.html"><html><head><title>Creating and Editing Key Categories</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="prev" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="next" href="admin-archive-definitions.html" title="Configuring Archivers for Use with Sign/Encrypt Files"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Creating and Editing Key Categories</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin.html">Prev</a></td><td class="upCell">Administrator's Guide</td><td class="nextCell"><a accesskey="n" href="admin-archive-definitions.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-key-filters"></a>Creating and Editing Key Categories</h2></div></div></div><p>
<span class="application">Kleopatra</span> allows the user to configure the <a class="link" href="configuration-appearance.html#configuration-appearance-certificate-filters" title="Configuring Certificate Categories">visual appearance</a> of
keys based on a concept called <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key
Categories</span></span>. <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key Categories</span></span> are
also used to filter the list of certificates. This section
describes how you can edit the available categories and add
new ones.
</p><p>
When trying to find the category a key belongs to, <span class="application">Kleopatra</span>
tries to match the key to a sequence of key filters,
configured in the <code class="filename">libkleopatrarc</code>. The
first one to match defines the category, based on a concept of
<span class="emphasis"><em>specificity</em></span>, explained further below.
</p><p>
Each key filter is defined in a config group named
<code class="literal">Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code>,
where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span> is a number, starting from
<code class="literal">0</code>.
</p><p>
The only mandatory keys in a <code class="literal">Key Filter
#<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code> group are
<code class="varname">Name</code>, containing the name of the category
as displayed in the <a class="link" href="configuration-appearance.html#configuration-appearance-certificate-filters" title="Configuring Certificate Categories">config dialog</a>, and
<code class="varname">id</code>, which is used as a reference for the
filter in other configuration sections (such as <code class="literal">View
#<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code>).
</p><p>
<a class="xref" href="admin-key-filters.html#table-key-filters-appearance" title="Table 6.1. Key-Filter Configuration Keys Defining Display Properties">Table 6.1, “Key-Filter Configuration Keys Defining Display
Properties”</a> lists all keys
that define the display properties of keys belonging to that
category (<abbr class="abbrev">i.e.</abbr> those keys that can be adjusted in the <a class="link" href="configuration-appearance.html#configuration-appearance-certificate-filters" title="Configuring Certificate Categories">config dialog</a>),
whereas <a class="xref" href="admin-key-filters.html#table-key-filters-criteria" title="Table 6.2. Key-Filter Configuration Keys Defining Filter Criteria">Table 6.2, “Key-Filter Configuration Keys Defining Filter Criteria”</a> lists all
keys that define the criteria the filter matches keys against.
</p><div class="table"><a name="table-key-filters-appearance"></a><p class="title"><b>Table 6.1. Key-Filter Configuration Keys Defining Display
Properties</b></p><div class="table-contents"><table class="table" summary="Key-Filter Configuration Keys Defining Display
Properties" border="1"><colgroup><col><col align="center"><col></colgroup><thead><tr><th>Config Key</th><th align="center">Type</th><th>Description</th></tr></thead><tbody><tr><td><code class="varname">background-color</code></td><td align="center">color</td><td>
The background color to use. If missing, defaults to
whichever background color is defined globally for list
views.
</td></tr><tr><td><code class="varname">foreground-color</code></td><td align="center">color</td><td>
The foreground color to use. If missing, defaults to
whichever foreground color is defined globally for list
views.
</td></tr><tr><td><code class="varname">font</code></td><td align="center">font</td><td>
The custom font to use. The font will be scaled to the
size configured for list views, and any font
attributes (see below) will be applied.
</td></tr><tr><td><code class="varname">font-bold</code></td><td align="center">boolean</td><td>
If set to <code class="literal">true</code> and
<code class="varname">font</code> is not set, uses the
default list view font with bold font style added (if
available). Ignored if <code class="varname">font</code> is also
present.
</td></tr><tr><td><code class="varname">font-italic</code></td><td align="center">boolean</td><td>
Analogous to <code class="varname">font-bold</code>, but for
italic font style instead of bold.
</td></tr><tr><td><code class="varname">font-strikeout</code></td><td align="center">boolean</td><td>
If <code class="literal">true</code>, draws a centered line over
the font. Applied even if
<code class="varname">font</code> is set.
</td></tr><tr><td><code class="varname">icon</code></td><td align="center">text</td><td>
The name of an icon to show in the first column. Not yet
implemented.
</td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-key-filters-criteria"></a><p class="title"><b>Table 6.2. Key-Filter Configuration Keys Defining Filter Criteria</b></p><div class="table-contents"><table class="table" summary="Key-Filter Configuration Keys Defining Filter Criteria" border="1"><colgroup><col><col align="center"><col></colgroup><thead><tr><th>Config Key</th><th align="center">Type</th><th>If specified, filter matches when...</th></tr></thead><tbody><tr><td><code class="varname">is-revoked</code></td><td align="center">boolean</td><td>the key has been revoked.</td></tr><tr><td><code class="varname">match-context</code></td><td align="center">
context<a href="#ftn.idm1755" class="footnote" name="idm1755"><sup class="footnote">[a]</sup></a>
</td><td>the context in which this filter matches.</td></tr><tr><td><code class="varname">is-expired</code></td><td align="center">boolean</td><td>the key is expired.</td></tr><tr><td><code class="varname">is-disabled</code></td><td align="center">boolean</td><td>
the key has been disabled (marked for not using) by
the user. Ignored for <acronym class="acronym">S/MIME</acronym> keys.
</td></tr><tr><td><code class="varname">is-root-certificate</code></td><td align="center">boolean</td><td>
the key is a root certificate. Ignored for <acronym class="acronym">OpenPGP</acronym>
keys.
</td></tr><tr><td><code class="varname">can-encrypt</code></td><td align="center">boolean</td><td>
the key can be used for encryption.
</td></tr><tr><td><code class="varname">can-sign</code></td><td align="center">boolean</td><td>
the key can be used for signing.
</td></tr><tr><td><code class="varname">can-certify</code></td><td align="center">boolean</td><td>
the key can be used for signing (certifying) other
keys.
</td></tr><tr><td><code class="varname">can-authenticate</code></td><td align="center">boolean</td><td>
the key can be used for authentication (<abbr class="abbrev">e.g.</abbr> as an
<acronym class="acronym">TLS</acronym> client certificate).
</td></tr><tr><td><code class="varname">is-qualified</code></td><td align="center">boolean</td><td>
the key can be used to make Qualified Signatures (as
defined by the German Digital Signature Law).
</td></tr><tr><td><code class="varname">is-cardkey</code></td><td align="center">boolean</td><td>
the key material is stored on a smartcard (instead of
on the computer).
</td></tr><tr><td><code class="varname">has-secret-key</code></td><td align="center">boolean</td><td>
the secret key for this key pair is available.
</td></tr><tr><td><code class="varname">is-openpgp-key</code></td><td align="center">boolean</td><td>
the key is an <acronym class="acronym">OpenPGP</acronym> key (<code class="literal">true</code>),
or an <acronym class="acronym">S/MIME</acronym> key (<code class="literal">false</code>).
</td></tr><tr><td><code class="varname">was-validated</code></td><td align="center">boolean</td><td>
the key has been validated.
</td></tr><tr><td><code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-ownertrust</code></td><td align="center">
validity<a href="#ftn.idm1834" class="footnote" name="idm1834"><sup class="footnote">[b]</sup></a>
</td><td>
the key has exactly
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is</code>),
has anything but
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is-not</code>),
has at least
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is-at-least</code>),
or has at most
(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is-at-most</code>)
the ownertrust given as the value of the config key. If
more than one
<code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-ownertrust</code>
keys (with different
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> values) are present in a
single group, the behavior is undefined.
</td></tr><tr><td><code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-validity</code></td><td align="center">validity</td><td>
Analogous to
<code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-ownertrust</code>,
but for key validity instead of ownertrust.
</td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div id="ftn.idm1755" class="footnote"><p><a href="#idm1755" class="para"><sup class="para">[a] </sup></a>
Context is an enumeration with the following
allowed values:
<code class="literal">appearance</code>,
<code class="literal">filtering</code>
and <code class="literal">any</code>.</p></div><div id="ftn.idm1834" class="footnote"><p><a href="#idm1834" class="para"><sup class="para">[b] </sup></a>
Validity is an (ordered) enumeration with the
following allowed values:
<code class="literal">unknown</code>,
<code class="literal">undefined</code>,
<code class="literal">never</code>,
<code class="literal">marginal</code>,
<code class="literal">full</code>,
<code class="literal">ultimate</code>. See the <span class="application">GPG</span> and
<span class="application">GpgSM</span> manuals for a detailed explanation.</p></div></td></tr></tbody></table></div></div><br class="table-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Some of the more interesting criteria, such as
<code class="varname">is-revoked</code> or
<code class="varname">is-expired</code> will only work on
<span class="emphasis"><em>validated</em></span> keys, which is why, by
default, only validated keys are checked for revocation and
expiration, although you are free to remove these extra
checks.
</p></div><p>
In addition to the config keys listed above, a key filter may
also have an <code class="varname">id</code> and
<code class="varname">match-contexts</code>.
</p><p>
Using the filter's <code class="varname">id</code>, which defaults to
the filter's config group name if not given or empty, you can
reference the key filter elsewhere in the configuration, <abbr class="abbrev">e.g.</abbr>
in <span class="application">Kleopatra</span>'s View configurations. The <code class="varname">id</code> is not interpreted by
<span class="application">Kleopatra</span>, so you can use any string you like, as long as
it's unique.
</p><p>
The <code class="varname">match-contexts</code> limits the applicability
of the filter. Two contexts are currently defined: The
<code class="literal">appearance</code> context is used when defining
coloring and font properties for the views. The
<code class="literal">filtering</code> context is used to selectively
include (and exclude) certificate from
views. <code class="literal">any</code> can be used to signify all
currently defined contexts, and is the default if
<code class="varname">match-contexts</code> is not given, or otherwise
produces no contexts. This ensures that no key filter can end
up <span class="quote">“<span class="quote">dead</span>”</span>, <abbr class="abbrev">i.e.</abbr> with no contexts to apply it in.
</p><p>
The format of the entry is a list of tokens, separated by
non-word characters. Each of the tokens is optionally prefixed
by an exclamation point (<code class="literal">!</code>), indicating negation. The tokens act
in order on an internal list of contexts, which starts out
empty. This is best explained by an example: <code class="literal">any
!appearance</code> is the same as
<code class="literal">filtering</code>, and <code class="literal">appearance
!appearance</code> is producing the empty set, as is
<code class="literal">!any</code>. However, the last two will be
internally replaced by <code class="literal">any</code>, since they
produce no contexts at all.
</p><p>
In general, criteria not specified (<abbr class="abbrev">i.e.</abbr> the config entry is
not set) are not checked for. If a criterion is given, it
is checked for and must match for the filter as a whole to
match, <abbr class="abbrev">i.e.</abbr> the criteria are AND'ed together.
</p><p>
Each filter has an implied <span class="quote">“<span class="quote">specificity</span>”</span> that is
used to rank all matching filters. The more specific filter
wins over less specific ones. If two filters have the same
specificity, the one that comes first in the config file
wins. A filter's specificity is proportional to the number of
criteria it contains.
</p><div class="example"><a name="idm1898"></a><p class="title"><b>Example 6.1. Examples of key filters</b></p><div class="example-contents"><p>
To check for all expired, but non-revoked root certificates,
you would use a key filter defined as follows:
</p><pre class="screen">[Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span>]
Name=expired, but not revoked
was-validated=true
is-expired=true
is-revoked=false
is-root-certificate=true
; ( specificity 4 )</pre><p>
To check for all disabled <acronym class="acronym">OpenPGP</acronym> keys (not yet supported by <span class="application">Kleopatra</span>)
with ownertrust of at least
<span class="quote">“<span class="quote">marginal</span>”</span>, you would use:
</p><pre class="screen">[Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span>]
Name=disabled OpenPGP keys with marginal or better ownertrust
is-openpgp=true
is-disabled=true
is-at-least-ownertrust=marginal
; ( specificity 3 )</pre></div></div><br class="example-break"></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin-archive-definitions.html">Next</a></td></tr><tr><td class="prevCell">Administrator's Guide </td><td class="upCell">Administrator's Guide</td><td class="nextCell"> Configuring Archivers for Use with Sign/Encrypt Files</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="admin-archive-definitions.html"><html><head><title>Configuring Archivers for Use with Sign/Encrypt Files</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="prev" href="admin-key-filters.html" title="Creating and Editing Key Categories"><link rel="next" href="admin-checksum-definitions.html" title="Configuring Checksum Programs for Use with Create/Verify Checksums"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Archivers for Use with Sign/Encrypt Files</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-key-filters.html">Prev</a></td><td class="upCell">Administrator's Guide</td><td class="nextCell"><a accesskey="n" href="admin-checksum-definitions.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-archive-definitions"></a>Configuring Archivers for Use with Sign/Encrypt Files</h2></div></div></div><p>
<span class="application">Kleopatra</span> allows the administrator (and power-user) to
configure the list of archivers that are presented in the
Sign/Encrypt Files dialog.
</p><p>
Each archiver is defined in
<code class="filename">libkleopatrarc</code> as a separate
<code class="literal">Archive Definition #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code>
group, with the following mandatory keys:
</p><div class="variablelist"><dl class="variablelist"><dt><a name="archive-definition-extensions"></a><span class="term"><code class="literal">extensions</code></span></dt><dd><p>
A comma-separated list of filename extensions that
usually indicate this archive format.
</p></dd><dt><a name="archive-definition-id"></a><span class="term"><code class="literal">id</code></span></dt><dd><p>
A unique ID used to identify this archiver
internally. If in doubt, use the name of the command.
</p></dd><dt><a name="archive-definition-Name"></a><span class="term"><code class="literal">Name</code> (translated)</span></dt><dd><p>
The user-visible name of this archiver, as shown in the
corresponding drop-down menu of the Sign/Encrypt Files
dialog.
</p></dd><dt><a name="archive-definition-pack-command"></a><span class="term"><code class="literal">pack-command</code></span></dt><dd><p>
The actual command to archive files. You can use any
command, as long as no shell is required to execute
it. The program file is looked up using the
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">PATH</code></span> environment variable, unless you
use an absolute file path. Quoting is supported as if a
shell was used:
</p><pre class="programlisting">pack-command="/opt/ZIP v2.32/bin/zip" -r -</pre><p>
</p></dd></dl></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><a name="backslashes-in-config-keys"></a>Note</h3><p>
Since backslash (<code class="literal">\</code>) is an escape
character in <span class="orgname">KDE</span> config files, you need to double them when
they appear in path names:
</p><pre class="programlisting">pack-command=C:\\Programs\\GNU\\tar\\gtar.exe ...</pre><p>
However, for the command itself (as opposed to its
arguments), you may just use forward slashes
(<code class="literal">/</code>) as path separators on all platforms:
</p><pre class="programlisting">pack-command=C:/Programs/GNU/tar/gtar.exe ...</pre><p>
This is not supported in arguments, as most <span class="trademark">Windows</span>® programs
use the forward slash for options. For example, the
following will not work, since
<code class="literal">C:/myarchivescript.bat</code> is an argument to
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>cmd.exe</strong></span></span>, and <code class="literal">/</code> is not
converted to <code class="literal">\</code> in arguments, only
commands:
</p><pre class="programlisting">pack-command=cmd.exe C:/myarchivescript.bat</pre><p>
This needs, instead, to be written as:
</p><pre class="programlisting">pack-command=cmd.exe C:\\myarchivescript.bat</pre><p>
</p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="admin-archive-definitions-filename-passing"></a>Input Filename Passing for <code class="literal">pack-command</code></h3></div></div></div><p>
There are three ways to pass filenames to the pack
command. For each of these,
<code class="literal">pack-command</code> provides a particular syntax:
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>As command-line arguments.</p><p>
Example (tar):
</p><pre class="programlisting">pack-command=tar cf -</pre><p>
Example (zip):
</p><pre class="programlisting">pack-command=zip -r - %f</pre><p>
In this case, filenames are passed on the command line,
just like you would when using the command
prompt. <span class="application">Kleopatra</span> does not use a shell to execute the
command. Therefore, this is a safe way of passing
filenames, but it might run into command line length
restrictions on some platforms.
A literal <code class="literal">%f</code>, if present, is replaced
by the names of the files to archive. Otherwise,
filenames are appended to the command line. Thus, the
zip Example above could equivalently be written like this:
</p><pre class="programlisting">pack-command=zip -r -</pre><p>
</p></li><li class="listitem"><p>Via standard-in, separated by newlines: prepend <code class="literal">|</code>.</p><p>
Example (<acronym class="acronym">GNU</acronym>-tar):
</p><pre class="programlisting">pack-command=|gtar cf - -T-</pre><p>
Example (ZIP):
</p><pre class="programlisting">pack-command=|zip -@ -</pre><p>
In this case, filenames are passed to the archiver on
<acronym class="acronym">stdin</acronym>, one per line. This avoids
problems on platforms which place a low limit on the
number of command line arguments that are allowed, but
fails when filenames, in fact, contain newlines.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
<span class="application">Kleopatra</span> currently only supports
<acronym class="acronym">LF</acronym> as a newline separator, not
<acronym class="acronym">CRLF</acronym>. This might change in future
versions, based on user feedback.
</p></div></li><li class="listitem"><p>Via standard-in, separated by NUL-bytes: prepend <code class="literal">0|</code>.</p><p>
Example (<acronym class="acronym">GNU</acronym>-tar):
</p><pre class="programlisting">pack-command=0|gtar cf - -T- --null</pre><p>
This is the same as above, except that NUL bytes are
used to separate filenames. Since NUL bytes are
forbidden in filenames, this is the most robust way of
passing filenames, but not all archivers support it.
</p></li></ol></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-key-filters.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin-checksum-definitions.html">Next</a></td></tr><tr><td class="prevCell">Creating and Editing Key Categories </td><td class="upCell">Administrator's Guide</td><td class="nextCell"> Configuring Checksum Programs for Use with Create/Verify Checksums</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="admin-checksum-definitions.html"><html><head><title>Configuring Checksum Programs for Use with Create/Verify Checksums</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="prev" href="admin-archive-definitions.html" title="Configuring Archivers for Use with Sign/Encrypt Files"><link rel="next" href="credits-and-license.html" title="Chapter 7. Credits and License"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Checksum Programs for Use with Create/Verify Checksums</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-archive-definitions.html">Prev</a></td><td class="upCell">Administrator's Guide</td><td class="nextCell"><a accesskey="n" href="credits-and-license.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-checksum-definitions"></a>Configuring Checksum Programs for Use with Create/Verify Checksums</h2></div></div></div><p>
<span class="application">Kleopatra</span> allows the administrator (and power-user) to
configure the list of checksum programs that the user can
choose from in the config dialog and that <span class="application">Kleopatra</span> is able
to auto-detect when asked to verify a given file's checksum.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
To be usable by <span class="application">Kleopatra</span>, output of checksum programs
(both the written checksum file, as well as the output on
<acronym class="acronym">stdout</acronym> when verifying checksums) needs to
be compatible with <acronym class="acronym">GNU</acronym>
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>md5sum</strong></span></span> and
<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>sha1sum</strong></span></span>.
</p><p>
Specifically, the checksum file needs to be line-based with
each line having the following format:
</p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>CHECKSUM</code></em></span> ' ' ( ' ' | '*' ) <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>FILENAME</code></em></span></pre><p>
where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>CHECKSUM</code></em></span> consists of
hex-characters only. If <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>FILENAME</code></em></span>
contains a newline character, the line must instead read:
</p><pre class="programlisting">\<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>CHECKSUM</code></em></span> ' ' ( ' ' | '*' ) <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ESCAPED-FILENAME</code></em></span></pre><p>
where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ESCAPED-FILENAME</code></em></span> is the
filename with newlines replaced by <code class="literal">\n</code>s,
and backslashes doubled
(<code class="literal">\</code>↦<code class="literal">\\</code>).
</p><p>
Similarly, the output of
<a class="xref" href="admin-checksum-definitions.html#checksum-definition-verify-command"><code class="literal">verify-command</code></a> must be of the form
</p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>FILENAME</code></em></span> ( ': OK' | ': FAILED' )</pre><p>
separated by newlines. Newlines and other characters are
<span class="emphasis"><em>not</em></span> escaped in the output.<a href="#ftn.idm2017" class="footnote" name="idm2017"><sup class="footnote">[2]</sup></a>
</p></div><p>
Each checksum program is defined in
<code class="filename">libkleopatrarc</code> as a separate
<code class="literal">Checksum Definition #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code>
group, with the following mandatory keys:
</p><div class="variablelist"><dl class="variablelist"><dt><a name="checksum-definition-file-patterns"></a><span class="term"><code class="literal">file-patterns</code></span></dt><dd><p>
A list of regular expressions that describe which files
should be considered checksum files for this checksum
program. The syntax is the one used for string lists in
<span class="orgname">KDE</span> config files.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Since regular expressions usually contain
backslashes, care must be taken to properly escape
them in the config file. The use of a config file
editing tool is recommended.
</p></div><p>
The platform defines whether the patterns are treated
case-sensitive or case-insensitive.
</p></dd><dt><a name="checksum-definition-output-file"></a><span class="term"><code class="literal">output-file</code></span></dt><dd><p>
The typical output filename for this checksum program
(should match one of the
<a class="xref" href="admin-checksum-definitions.html#checksum-definition-file-patterns"><code class="literal">file-patterns</code></a>, of
course). This is what <span class="application">Kleopatra</span> will use as the
output filename when creating checksum files of this
type.
</p></dd><dt><a name="checksum-definition-id"></a><span class="term"><code class="literal">id</code></span></dt><dd><p>
A unique ID used to identify this checksum program
internally. If in doubt, use the name of the command.
</p></dd><dt><a name="checksum-definition-Name"></a><span class="term"><code class="literal">Name</code> (translated)</span></dt><dd><p>
The user-visible name of this checksum program, as shown
in the drop-down menu in <span class="application">Kleopatra</span>'s config dialog.
</p></dd><dt><a name="checksum-definition-create-command"></a><span class="term"><code class="literal">create-command</code></span></dt><dd><p>
The actual command with which to create checksum
files. The syntax, restrictions and argument passing
options are the same as described for
<a class="xref" href="admin-archive-definitions.html#archive-definition-pack-command"><code class="literal">pack-command</code></a> in
<a class="xref" href="admin-archive-definitions.html" title="Configuring Archivers for Use with Sign/Encrypt Files">the section called “Configuring Archivers for Use with Sign/Encrypt Files”</a>.
</p></dd><dt><a name="checksum-definition-verify-command"></a><span class="term"><code class="literal">verify-command</code></span></dt><dd><p>
Same as
<a class="xref" href="admin-checksum-definitions.html#checksum-definition-create-command"><code class="literal">create-command</code></a>,
but for checksum verification.
</p></dd></dl></div><p>
Here is a complete example:
</p><pre class="programlisting">
[Checksum Definition #1]
file-patterns=sha1sum.txt
output-file=sha1sum.txt
id=sha1sum-gnu
Name=sha1sum (GNU)
Name[de]=sha1sum (GNU)
...
create-command=sha1sum -- %f
verify-command=sha1sum -c -- %f
</pre><p>
</p><div class="footnotes"><br><hr style="width:100; text-align:left;margin-left: 0"><div id="ftn.idm2017" class="footnote"><p><a href="#idm2017" class="para"><sup class="para">[2] </sup></a>
Yes, these programs were not written with graphical
frontends in mind, and <span class="application">Kleopatra</span> will fail to
correctly parse pathological filenames that contain
": OK" plus newline in them.
</p></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-archive-definitions.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="credits-and-license.html">Next</a></td></tr><tr><td class="prevCell">Configuring Archivers for Use with Sign/Encrypt Files </td><td class="upCell">Administrator's Guide</td><td class="nextCell"> Credits and License</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-gnupg-system.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin-key-filters.html">Next</a></td></tr><tr><td class="prevCell">Configuring the <span class="application">GnuPG</span> System </td><td class="upCell"> </td><td class="nextCell"> Creating and Editing Key Categories</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="credits-and-license.html"><html><head><title>Chapter 7. Credits and License</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="admin-checksum-definitions.html" title="Configuring Checksum Programs for Use with Create/Verify Checksums"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Credits and License</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-checksum-definitions.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="credits-and-license"></a>Chapter 7. Credits and License</h1></div></div></div><p><span class="application">Kleopatra</span> copyright 2002 <span class="firstname">Steffen</span> <span class="surname">Hansen</span>, <span class="firstname">Matthias</span> <span class="othername">Kalle</span> <span class="surname">Dalheimer</span>
and <span class="firstname">Jesper</span> <span class="surname">Pedersen</span>., copyright 2004 <span class="firstname">Daniel</span> <span class="surname">Molkentin</span>, copyright 2004, 2007, 2008, 2009, 2010 Klarälvdalens Datakonsult AB</p><p>Documentation copyright 2002 <span class="firstname">Steffen</span> <span class="surname">Hansen</span>, copyright 2004
<span class="firstname">Daniel</span> <span class="surname">Molkentin</span>, copyright 2004, 2010 Klarälvdalens Datakonsult AB</p><div class="itemizedlist"><p class="title"><b>Contributors</b></p><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="firstname">Marc</span> <span class="surname">Mutz</span> <code class="email">(mutz AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">David</span> <span class="surname">Faure</span> <code class="email">(faure AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Steffen</span> <span class="surname">Hansen</span> <code class="email">(hansen AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Matthias</span> <span class="othername">Kalle</span> <span class="surname">Dalheimer</span> <code class="email">(kalle AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Jesper</span> <span class="surname">Pedersen</span> <code class="email">(blackie AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Daniel</span> <span class="surname">Molkentin</span> <code class="email">(molkentin AT kde.org)</code></p></li></ul></div><p><a name="gnu-fdl"></a>This documentation is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/fdl-license.html" target="_top">GNU Free Documentation
License</a>.</p><p>This program is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/gpl-license.html" target="_top">GNU General Public License</a>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-checksum-definitions.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"></td></tr><tr><td class="prevCell">Configuring Checksum Programs for Use with Create/Verify Checksums </td><td class="upCell"> </td><td class="nextCell"> </td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr><tr><td class="prevCell"> </td><td class="upCell"> </td><td class="nextCell"> Introduction</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME>
Generated by dwww version 1.15 on Wed May 22 06:46:50 CEST 2024.